Archive for March 2018

Your Latest IT News Update

‘See In The Dark’ Phone Camera

Chinese electronics company Huawei is heading to the European market with a smartphone that uses a long exposure and AI to take photos in near-dark conditions without a flash.

How?

The revolutionary phone camera is able to gather enough light to take a photo in near-dark conditions thanks to an exposure lasting up to six seconds. This means that 960 frames per second can be filmed at 720p “high-definition” resolution, thereby delivering a better final image.

The artificial intelligence element is then able to work on the image to remove any blurring and smearing so that the end result is a sharp photo, something that would not be achievable with most other phone cameras.

The Use Of AI

The AI part of the camera is essentially used to find the optimum frame for each item in a shot, take information from other frames to improve the definition of each object, and then merge all the information from those frames together in a single photo that appears brighter than the human eye would see it.

Three Lenses

One of the most noticeable features of the P20 Pro built-in camera is that it has three rear lenses, each offering the user different capabilities. For example:

  1. The main lens offers a high resolution (40 megapixels) and can use ‘light fusion’ to create 10MP photos that look good even in low-light conditions. ‘Light fusion’ is a way of combining four smaller pixels together to make a much larger pixel.
  2. The second lens can take better monochrome shots because it has a 20MP black-and-white sensor.
  3. The third lens has a hardware-stabilised 3x zoom lens, which can produce 5x shots when used with a software-based digital zoom, thereby comparing favourably to the 2x zoom of the Galaxy S9+ and iPhone X.

Two other key benefits of the phone are the composition suggestions that it makes to the user, e.g. when to loosen or tighten a shot, and the object recognition, which enables the camera to automatically adjust its settings to suit each subject without requiring a connection to the internet.

Not In The U.S. Yet

One major challenge that Huawei has with the launch of the P20 Pro is that it is still having problems entering the US market because of suspected ties to the Chinese government. This is thought to have resulted in AT&T and Verizon pulling out of talks to sell its devices.

What Does This Mean For Your Business?

For many businesses, sending photos to potential customers and posting photos online, e.g. on a website and social media, is an essential part of their daily business. Lighting is not always perfect, cloudy days are common in the UK, and many services are delivered in dimmer conditions or in the evening. A phone with a camera that can make the most of these conditions could, therefore, be a useful business tool.

This story is also an example of how a company that doesn’t have the brand power of some of its bigger competitors, e.g. Samsung or Apple, has gone the extra mile in terms of the product, and part of the challenge will be to get this message across.

For other phone manufacturers that sell in the European market, this product innovation, together with Huawei’s need and desire to throw everything at it to make up the sales volume that it had expected in the US, is likely to have them worried.

Contactless ‘Pay to Pray’

The Church of England has announced that it will be able to accept contactless card payment for donations at 16,000 churches, cathedrals and religious sites.

Why?

The Church of England raises a whopping £580m every year in donations, but in today’s society, particularly among young people, cash is carried less often, and there is a trend towards using contactless card payments for most daily transactions.

For example, contactless payments now account for around one-third of all debit card payments, and in terms of value, debit card payments in the UK (£13.4 billion) now exceed cash payments (£13.3 billion). Also, in July last year, Transport for London (TfL) figures showed that 40% of public transport customers in London are paying for their journeys with contactless payment cards.

There has also been a noticeable decline in the use of cash over many years. In 2006, 62% of all payments in the UK were made using cash, and by 2016 that proportion had fallen to 40%. It has been predicted (UK Finance figures) that by 2026 cash will be used for just 21% of all payments.

Contactless Collections

The Church of England has already tested its contactless payment system in a trial involving 40 churches last year. The system will use technology by London-based fintech start-up ‘SumUp’ and parishioners will be able to make donations using contactless payments, Apple Pay and Google Pay, plus chip and pin transactions.

Donations will be made on a self-service basis. It is thought that this may include passing around a reader for the collection.

Standing Order Still King

Despite the added convenience that the contactless scheme may offer to both church and churchgoer, the Church of England has said that it expects that most regular donations will continue to come from standing orders.

Catholic Church Too

Back in October last year, the Catholic Church also explored other donation options. For example, several Catholic parishes allowed parishioners to donate via text message on their mobile phone, and a code was made available to them to allow them to do this.

Also, worshippers at cathedrals including Guildford and Liverpool have been encouraged to make donations by credit or debit card instead of putting cash in a collection plate or box.

Not Just For Donations

Contactless payment schemes in churches are also helpful for services other than donations. For example, couples can use contactless payment to pay for marriage banns.

What Does This Mean For Your Business?

In a society where it is known that fewer people carry cash and more people prefer to use contactless payments, it makes sense that the church appears to be moving with the times to take account of these trends, and to make the most of the technology that is now more easily available.

Among some commentators, there is an argument that with declining congregations in many churches, more opportunities for donations need to be generated from existing members of the congregation i.e. contactless payments will enable more money to be collected from existing churchgoers.

For many, this move by the church is simply a reflection of the trends in society, and an example of how technology, religion, history and tradition can co-exist in a practical and beneficial way.

£870 Million Super-Cyber-Crook Captured

The suspected leader of the criminal gang behind the Cobalt and Carbanak malware campaigns that targeted banks and netted £870 Million has been arrested in Spain.

The Carbanak & Cobalt Malware Attacks

Cobalt and Carbanak are names of the different generations of malware, increasing in sophistication – 3 were used in all – which the cyber-criminal gang were able to introduce to 100 banks and other financial networks in 40 countries.

Anunak was the first malware campaign to be used by the gang in late 2013. This was followed the same year by Carbanak, which was used until 2016. Finally, the gang used more sophisticated attacks involving tailor-made malware based on the Cobalt Strike penetration testing software.

EUR 10 Million Per Heist

Cumulative losses inflicted by the gang on financial institutions are believed to be in the region of EUR 1 billion, and the Cobalt malware alone allowed criminals to steal up to EUR 10 million per heist.

Sent To Key Staff Members In Emails

The malware was sent to key staff members in booby-trapped phishing emails. When the computers of key staff members became infected with the malware, e.g. after staff were tricked into opening the booby-trapped emails from the criminals, the gang was able to gain remote access to the banking networks to steal money.

Money was stolen by using remote access to order ATMs to dispense money at specific times (collected by gang members), and by altering databases to increase account balances so that more ‘mules’ could be used to collect even more money from inflated accounts via chosen ATMs.

Stolen money was also laundered via crypto-currencies and payment cards which enabled the purchase of luxury goods and houses.

Carbanak was claimed to have been discovered in 2014 by the Russian/UK Cyber Crime Company Kaspersky Lab.

Arrested

The person (as yet un-named by authorities) believed to have masterminded the crimes was arrested in Alicante, Spain. The arrest was the result of a complex investigation by the Spanish National Police, supported by Europol, the (US) FBI, the Romanian, Moldovan, Belarussian and Taiwanese authorities and private cyber security companies.

What Does This Mean For Your Business?

It’s all-too-often that we hear of major hacks and security breaches of businesses and organisations but it is rare to hear about the culprits being caught. The remote and often invisible nature of the crimes, coupled with the anonymity and complexity of the methods of attack and money collection tends to make cyber criminals difficult to apprehend. A combined and expert effort is needed, which is what has happened in this case, and it can only be good news for businesses worldwide that one key player appears to have been caught.

More cynical commentators may say that it was the large sums of money involved, and the fact that banks and financial institutions were the victims, that prompted such an effort to catch the perpetrators, something that, perhaps, smaller businesses may not expect when they are targeted, even though the results of an attack may be more devastating.

This story is also a reminder that not only are many attacks sophisticated, but human error by staff members is still an important element in allowing successful cyber attacks to take place. Cyber security is the responsibility of all of us, and companies and organisations should make sure that all staff receive training about likely cyber threats and what procedures to follow when dealing with emails or requests to transfer money. Making it a rule to never open unknown emails is one basic way of counteracting the serious threat posed by malware.

Facebook Revamps Privacy Settings

In a move that Facebook says was due to happen before the recent personal data harvesting scandal, the social media giant has updated its privacy tools to make users more informed and in control.

50 Million Profiles Harvested

The high-profile outcry that followed revelations over data from 50 million profiles that were harvested for use by Cambridge Analytica has resulted in around £56bn being wiped off Facebook’s market value since 16 March.

It is also unknown as yet how much damage has been done to the Facebook brand and the trust placed in it by users, although some commentators have suggested that Facebook is so much a part of daily life for people, and there is a lack of real alternatives, that the damage in terms of user loyalty may not be as bad as the media has suggested.

Changes

Even though Facebook has suggested that privacy settings changes were on the cards long before this latest scandal hit the headlines, some commentators must feel justified in saying that it is no coincidence that Facebook has announced on its blog this week changes to the platform that are intended to help people understand how Facebook works and the choices they have over their data.

In summary, the changes that Facebook has announced are:

  • Generally making data settings and tools easier to find. In short, a re-designed settings menu on mobile devices means making everything accessible from a single place, plus, outdated parts have been cleaned up to clarify what information can and can’t be shared with apps.
  • There is a new ‘Privacy Shortcuts’ menu where you can:
    – Add more security layers e.g. two-factor authentication.
    – Review what personal information you’ve shared and delete it if you want to – this includes posts you’ve shared or reacted to, friend requests you’ve sent, and things you’ve searched for on Facebook.
    – Manage the information you give that will influence the type of adverts you’re shown.
    – Manage who sees your posts and profiles.
  • The introduction of a new ‘Access Your Information’ section where you can securely access and manage e.g. posts, reactions, comments, and things you’ve searched for, as well as being able to delete anything from your timeline or profile that you no longer want on Facebook.
  • Giving you the ability to download a secure copy of the data that you’ve shared with Facebook, and giving you the option to move it to another service. This includes photos you’ve uploaded, contacts you’ve added to your account, and posts on your timeline.

More Changes To Come

Facebook has also said that in the coming weeks, it will be proposing updates to its terms of service and its data policy to better spell out what data it collects and how it uses it. Facebook is keen, in the light of the recent scandal, to point out that the updates are about transparency, and not about gaining new rights to collect, use, or share data.

Some commentators have suggested that Facebook also intends to make the link to fully delete an account more prominent.

Acknowledges Trust Damage

Facebook has acknowledged that it has lost people’s trust and that it needs to get to work on regaining it. No doubt the hope is that these changes (which Facebook has worked on with regulators, legislators and privacy experts) will serve as an initial offering in the move to achieve that, as well as making the platform more GDPR-ready.

What Does This Mean For Your Business?

Yes, there is an element of Facebook needing to get something positive out there quickly to show that it’s doing something in response to media and public opinion about the damaging recent scandal. These changes are also, however, a clear move by Facebook to make sure that it will be GDPR compliant when the new regulation comes into force in May. The sheer size of Facebook’s customer base, and the company’s earnings, mean that the company is very aware of the challenges that GDPR could bring. For example, with data breaches and with GDPR in force, Facebook could potentially be looking at fines of 4% of its global turnover. It’s no wonder, therefore, that the changes to the privacy settings of the platform have been made now.

Your Computer Data Stored … On DNA?

British scientists believe they have developed a technique that will enable them to store computer files in DNA code.

Why?

Data storage takes up a huge amount of space. It is estimated that there is now 3 zettabytes (3000 billion billion bytes) of digital data, with more being generated all the time.

Also, storage media such as hard disks are expensive and require a constant supply of expensive electricity, and even the best ‘no-power’ archiving materials e.g. magnetic tape degrade within a decade.

What’s So Good About DNA?

It is estimated that, if all the data on the internet was stored in DNA, it would be the size of a shoebox, and that every bit of datum ever recorded by humans could fit in a container about the size and weight of a couple of pickup trucks.

Using DNA could, therefore, provide a highly effective, ultra-compact space-saving solution, that doesn’t require large amounts of costly electricity.

Also, DNA can keep for hundreds of thousands of years if kept in a cool, dry place. Data stored in DNA won’t degrade over time, and it can be decoded relatively easily.

Another advantage of DNA is that it won’t become obsolete, and unlike other high-density approaches, new technologies can write and read large amounts of DNA in one go.

Synthesized DNA as a storage medium could, therefore, provide a very practical, high-capacity, robust, low-maintenance information storage solution long into the future.

How Can Digital Data Be Stored In DNA?

Scientists from the European Bioinformatics Institute have developed a method whereby the basis of digital data, which is made up of ones and zeros, is changed into their own code as Cs, Gs, and Ts.

This converted code is then sent to a US laboratory, which turns the letter code into physical DNA, so that it can act like an incredibly small hard drive. The laboratory uses DNA synthesis machines to transform the code into physical material in a similar way to how an inkjet printer lays down ink on paper. The physical result is a tiny piece of dust with the vital digital data stored inside. An estimated 215 petabytes (215 million gigabytes) of data could be stored in a single gram of DNA.

Tried Back In 2013

The potential of using DNA storage was highlighted back in 2013 when scientists in Cambridge spelled out a collection of Shakespeare’s 154 sonnets in DNA.

Expensive And Could Take Time

As you may expect, the costs of DNA data storage in the next 5 year period are expected to be very high, although experts believe that in the next 10 to 15 years, a more affordable system may be more widely available.

What Does This Mean For Your Business?

Although the cost of this new storage system is likely to be prohibitively high for the vast majority of businesses, it does hold a lot of promise for years to come. DNA storage could, in the long run, allow businesses to store and back up incredible amounts of data in a very convenient way with dramatically reduced space, equipment, and electricity costs, and to be assured that the data could be stored, without decay, for many thousands of years. The potential and real value of such a system is something that will only truly be understood by future generations.

Tech Tip – Google Keep

If you need to jot down ideas and to-dos and share them with team members, you may find ‘Google Keep’ a useful tool.

With Google Keep you can:

– Record voice memos within Google Keep on your Android or iOS device.
– Transcribe text from pictures, so you don’t have to worry about typing up notes from a meeting or whiteboard session – you can even photograph a note to get the text from it.
– Create drawings and search handwritten notes.
– Take notes you’ve created in Keep, and drag them into Google Docs e.g. client proposals and more.

Your Latest IT News Update

50 Million Facebook Users’ Data Used By Cambridge Analytica

Facebook is at the heart of a storm after a whistleblower alleged that the data analytics firm that worked with Donald Trump’s election team and the winning Brexit campaign harvested 50 million Facebook profiles from a data breach.

Camelot Hack – ‘It Could Be You!’

Lottery operator Camelot has announced that 150 customer accounts have been affected by a hack that took place prior to Friday’s £14-million draw at 8.30pm.

Huge UK Increase In Demand For AI Professionals

A study by job website ‘Indeed’ based on job postings on its site since 2015 has found that demand for skills in AI and machine learning has almost tripled in 3 years.

First Direct Customers Can Pay By Siri

First Direct customers can now make voice-activated payments to existing payees or mobile contacts via the Siri tool on their Apple iPhones, without logging into online banking or using their password.

Fighting Exploitation Via Blockchain and Coke

Coca-Cola, the US State Department, and 2 other companies are working on a project to use blockchain to fight forced labour worldwide.

Tech Tip(s) – Browser Security

Your Internet browser is one of your most-used applications, so it makes sense that you should make yours as secure as possible. Here are a few tips to help you do just that:

50 Million Facebook Users’ Data With Cambridge Analytica

Facebook is at the heart of a storm after a whistleblower alleged that the data analytics firm that worked with Donald Trump’s election team and the winning Brexit campaign harvested 50 million Facebook profiles from a data breach.

Why?

London-based data analytics company, Cambridge Analytica, which was once headed by Trump’s key adviser Steve Bannon, has been accused of illegally harvesting 50 million Facebook profiles in early 2014 in order to build a software program that could predict and use personalised political adverts to influence choices at the ballot box in the last U.S. election.

Under Investigation

Cambridge Analytica is already the subject of two inquiries in the UK. The first is by the Electoral Commission which is looking into the company’s possible role in the EU referendum. The second is by the Information Commissioner’s Office which is looking into the company’s possible use of data analytics for political purposes.

Also, the company is the subject of an investigation in the US over possible Trump-Russia collusion.

It has been reported that Elizabeth Denham, the head of Britain’s Information Commission, is seeking a warrant to search the offices of consultancy Cambridge Analytica over the breach.

Facebook Under Scrutiny

Facebook has, of course, faced strong criticism over the breach, one tangible result of which has been nearly $40 billion off its market value as Facebook’s investors have become worried that damage to the reputation of the social media giant’s network will deter users and advertisers.

In a BBC radio report, the ICO’s chief Elizabeth Denham said that the ICO is looking at whether or not Facebook secured and safeguarded personal information on its platform, and whether Facebook, when they found out about the loss of the data, acted robustly and whether or not people were informed.

Also, the head of Britain’s cross-party Media parliamentary committee is reported to have written to Facebook’s Mark Zuckerberg asking for more information by Monday 26 March, and in Dublin, Ireland’s privacy watchdog (the lead regulator for Facebook in the European Union) has said that it is following up with Facebook to clarify its oversight.

Harvested By Kogan’s App

It has been reported that the data was harvested from Facebook by an app on Facebook’s platform, created by British academic, Aleksandr Kogan, that was downloaded by 270,000 people, providing access to their own and their friends’ personal data too. It has been reported that Kogan says he changed the terms and conditions of his personality-test app on Facebook from academic to commercial part way through the project.

Facebook has said that Kogan violated its policies by passing the data to Cambridge Analytica, and Facebook was told that the data has since been destroyed, and has made its own efforts to obtain proof that it has been destroyed.

Mr Kogan has said on BBC radio that he was advised that the app was entirely legal, and that he thinks he’s being made a scapegoat for Facebook and Cambridge Analytica.

This latest incident sees Facebook back in hot water following on from reports of how its platform was used by outside interests for posts and adverts that were designed to influence the result of the US election. The share price has been impacted significantly this week.

What Does This Mean For Your Business?

There are so many worrying facets to this story, not least that personal data may not have been protected well enough to prevent it from being harvested by an app on the platform, and then passed to a third-party that allegedly used it to create a tool to influence elections. Also, it has been several years since the breach happened, and news of the breach has only just been released. Some industry insiders have described the incident as ‘horrifying’, and many may rightfully believe that Facebook has a lot of questions to answer, as does Cambridge Analytica.

Facebook will be painfully aware that if the ICO’s investigations find Facebook to be at fault, the social media giant could be looking at a fine of up to 500,000 pounds ($700,000), and with the introduction of GDPR in May, it could be facing fines of up to 4% of its global turnover.

Also, Facebook is a major advertising platform for businesses, and some marketing commentators have pointed to the fact that scrutiny of Facebook over this latest issue could impact Facebook’s ability to gather and deploy data for ad targeting, which has been vital to ad efficacy and budget growth.

All the recent bad publicity about Facebook has seen the number of daily users in the United States and Canada fall for the first time in its history, dipping in the company’s home market by 700,000 from a quarter earlier to 184 million.

We haven’t heard the half of this story yet, and it remains to be seen what information will be released in the coming days and weeks and as the result of numerous investigations.

Camelot Hack – ‘It Could be You!’

Lottery operator Camelot has announced that 150 customer accounts have been affected by a hack that took place prior to Friday’s £14-million draw at 8.30pm.

Low Level

The company has described the hack as ‘low level’ and has stressed that no money was stolen, and that the attackers only saw limited information. Camelot attributed the early discovery of the attack to its regular security monitoring which, in this case, detected suspicious activity on a small number of accounts.

Credential-Stuffing

The kind of hack that took place was a method known as ‘credential-stuffing’. This hack uses a list of passwords taken from other websites that have been circulated online e.g. among hacking groups or on the dark web. This method relies on people using the same password for multiple websites.

Suspended Accounts + Change Passwords

Camelot has said that it has directly contacted the customers whose accounts had been affected and all of the affected accounts have now been suspended. The company has also advised all 10.5 million National Lottery players to change the password on their online accounts.

Warned In November 2016

Back in November 2016, Camelot announced that it believed that as many as 26,500 online National Lottery accounts had been hacked using login details that had been stolen from elsewhere (e.g. a list of stolen passwords circulated online). At the time, Camelot said that it believed that suspicious activity appeared to have taken place in fewer than 50 of the hacked accounts.

Camelot re-assured customers by saying that it didn’t hold full debit card or bank account details in the online accounts for National Lottery players, and no money had been taken or deposited.

Criticism

Although, as in the latest hack, Camelot was quick to submit a breach report to The Information Commissioner’s Office, some critics voiced concerns and suspicion that there could have been some kind of deficiency in the system to allow 26,500 correct logins while saying that the details were not taken from Camelot’s servers.

What Does This Mean For Your Business?

If you have an online National Lottery account, change the password as soon as possible.

This story illustrates one of the main dangers of using the same passwords for multiple accounts. If there is a hack and theft of your login details from just one website, you could be in danger of falling victim to cyber-crime as those details are circulated among other hackers and used for credential-stuffing attacks. The advice is, therefore, to change your passwords regularly and avoid using the same password for multiple accounts.

This story is also a reminder that businesses have a legal responsibility to protect customer data, and this responsibility will be enforced even more rigorously, and with the threat of very large fines for non-compliance, with the introduction of GDPR in May this year.

One positive aspect of this story is that Camelot appear to have been proactive in their monitoring of customer account activity, were quick to inform the Information Commissioner’s Office, publicly announced the hack, and gave clear advice to customers (unlike many other companies). This story is also an example of why having a good Disaster Recovery Plan is important.