The former face of China’s “Great Firewall,” Lu Wei, has become the first “tiger” to come under the Communist Party’s corruption investigation since President Xi Jinping began his second term last month.

Analysts say the graft probe into Lu’s corruption practices is widely believed to be legitimate and long overdue.

But Lu’s downfall has highlighted the simmering discontent among the country’s netizens, many of whom have been frustrated with tougher internet regulations imposed by him.

It has also made a mockery of so-called Xi Praise, a flattery culture centering on the building of the Xi cult, analysts add.

​Graft probe

Late Tuesday, China’s top anti-corruption agency announced on its website that 57-year-old Lu, who formerly served as deputy chief of the party propaganda department, has been detained in an internal graft probe.

Along with six of his colleagues and family members, Lu was reportedly taken away by investigators late last week.

Lu, who served as the head of China’s cyberspace administration between 2013 and 2016, was the key person in implementing Xi’s cyberspace policies.

In that role, he wielded great power over what the country’s 730 million internet users could access and acted as the gatekeeper for foreign technology companies seeking to enter the Chinese market.

Because of that, Time magazine named him one of the world’s 100 most influential people in 2015.

​Just a cat

But his political career ended when he was stripped of the title as China’s internet censor and was replaced by Xu Lin, a Xi protégé, in June 2016.

“Actually, he ceased to be a tiger long ago. He’s not a fly, but he’s now just a cat instead of a tiger because he already lost his power in June 2016,” Hong Kong-based China watcher Willy Lam told VOA.

In one of its two other statements, China’s anti-graft body Wednesday explained why Lu became the first tiger under graft investigation after the party’s 19th National Congress.

The cyberspace administration with Lu at the helm was found to have not been staunch enough in executing Xi’s instructions, lacked political responsibility and integrity while being operated by a network of small circles, the statement said.

‘Offenses of bygone’

The other statement warned not to “expect [criminal] offenses of bygone will be bygone today, lessons learned from the fall of Lu Wei.”

No details about Lu’s corruption offenses were revealed.

Chinese media reported that investigators would be mainly looking into corruption charges against Lu during the period when he worked for state-run Xinhua News Agency from 1991 and 2011.

Media speculation is also rife that Lu had angered Xi when the top leader discovered that the former internet censor had hired foreigners to masquerade as CEOs of multinational tech companies attending the World Internet Conference held in Wuzhen, Zhejiang province, in 2014.

​Xi praise

But Lam said that Xi, who he said is a “macromania,” has no one but himself to blame for the trend of Xi Praise, a flattery culture in Chinese politics.

“This is the art of survival in the Chinese empire, so to speak. The officials have to be seen as bending forward and backward to please Xi Jinping,” Lam said.

But Li Datong, managing director of Freezing Point, a weekly that reported on all aspects of contemporary life in China, said Xi Praise is an act of self-deception.

“If Xi Jinping knows how to surf on the Internet, he will see from a bevy of [online] chat rooms that many [netizens] not only made fun of him, but also lashed out at Xi Cult. It’s a game for government officials themselves to play,” Li said.

Discontent with internet controls

Chinese internet users, however, are happy to see Lu go, venting their frustrations over Internet controls.

But on Wednesday, a report in the state-run Global Times pointed out, “while news of Lu’s removal has made a buzz on the internet, his corruption investigation isn’t aimed at addressing dissatisfaction expressed by a minority of people over tighter internet controls. Neither is it a signal that internet controls will be re-evaluated as some have expected.”

Li said netizens are aware of the fact that the country’s internet controls won’t be eased following Lu’s downfall.

“Everybody knows that there won’t be a change of policy. But they are still happy to see the executioner [Lu], who has done all evils, being taken down. [Internet] policies are national policies, which won’t be easily revised as a result of personnel reshuffle,” Li said.

On Thursday, Lu Wei was the top-trending topic on freeweibo.com, a website that captures censored social media posts. On SINA Weibo, China’s Twitter-like microblogging platform, online comments posted by users in response to news reports were mostly erased.
…

A startup is making fuel from waste coffee grounds to power some of London’s buses. VOA’s Steve Baragona reports.
…

Facebook Inc. said Wednesday that it would build a web page to allow users to see which Russian propaganda accounts they have liked or followed, after U.S. lawmakers demanded that the social network be more open about the reach of the accounts.

U.S. lawmakers called the announcement a positive step. The web page, though, would fall short of their demands that Facebook individually notify users about Russian propaganda posts or ads they were exposed to.

Facebook, Alphabet Inc.’s Google and Twitter Inc. are facing a backlash after saying Russians used their services to anonymously spread divisive messages among Americans in the run-up to the 2016 U.S. elections.

U.S. lawmakers have criticized the tech firms for not doing more to detect the alleged election meddling, which the Russian government denies involvement in.

Facebook says the propaganda came from the Internet Research Agency, a Russian organization that according to lawmakers and researchers employs hundreds of people to push pro-Kremlin content under phony social media accounts.

As many as 126 million people could have been served posts on Facebook and 20 million on Instagram, the company says. Facebook has since deactivated the accounts.

Available by year’s end

Facebook, in a statement, said it would let people see which pages or accounts they liked or followed between January 2015 and August 2017 that were affiliated with the Internet Research Agency.

The tool will be available by the end of the year as “part of our ongoing effort to protect our platforms and the people who use them from bad actors who try to undermine our democracy,” Facebook said.

The web page will show only a list of accounts, not the posts or ads affiliated with them, according to a mock-up. U.S. lawmakers have separately published some posts.

It was not clear whether Facebook would eventually do more, such as sending individualized notifications to users.

Lawmakers at congressional hearings this month suggested that Facebook might have an obligation to notify people who accessed deceptive foreign government material.

Senator Richard Blumenthal, a Connecticut Democrat who had asked for notifications, said Facebook’s plan “seems to be a serious response” to his request.

“My hope is that it will be a responsible first step towards protecting against future assaults on its platform,” he said in a statement.

Representative Adam Schiff, a California Democrat, called it a “very positive step” and said lawmakers look forward to additional steps by tech companies to improve transparency.
…

Uber is coming clean about its cover-up of a year-old hacking attack that stole personal information about more than 57 million of the beleaguered ride-hailing service’s customers and drivers.

So far, there’s no evidence that the data taken has been misused, according to a Tuesday blog post by Uber’s recently hired CEO, Dara Khosrowshahi. Part of the reason nothing malicious has happened is because Uber acknowledges paying the hackers $100,000 to destroy the stolen information.

The revelation marks the latest stain on Uber’s reputation. It also brought an investigation from New York’s attorney general and threats of larger-than-normal fines from British authorities for failing to promptly disclose the hack.

The San Francisco company ousted Travis Kalanick as CEO in June after an internal investigation concluded he had built a culture that allowed female workers to be sexually harassed and encouraged employees to push legal limits.

It’s also the latest major breach involving a prominent company that didn’t notify the people that could be potentially harmed for months or even years after the break-in occurred.

Yahoo didn’t make its first disclosure about hacks that hit 3 billion user accounts during 2013 and 2014 until September 2016. Credit reporting service Equifax waited several months before revealing this past September that hackers had carted off the Social Security numbers of 145 million Americans.

Khosrowshahi criticized Uber’s handling of its data theft in his blog post.

“While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes,” Khosrowshahi wrote. “We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers.”

That pledge shouldn’t excuse Uber’s previous regime for its egregious behavior, said Sam Curry, chief security officer for the computer security firm Cybereason.

“The truly scary thing here is that Uber paid a bribe, essentially a ransom to make this breach go away, and they acted as if they were above the law,” Curry said. “Those people responsible for the integrity and confidentiality of the data in-fact covered it up.”

The heist took the names, email addresses and mobile phone numbers of 57 million riders around the world. The thieves also nabbed the driver’s license numbers of 600,000 Uber drivers in the U.S.

Uber waited until Tuesday to begin notifying the drivers with compromised driver’s licenses, which can be particularly useful for perpetrating identify theft. For that reason, Uber will now pay for free credit-report monitoring and identity theft protection services for the affected drivers.

Kalanick, who still sits on Uber’s board of directors, declined to comment on the data breach that took place in October 2016. Uber says the response to the hack was handled by its chief security officer, Joe Sullivan, a former federal prosecutor whom Kalanick lured away from Facebook in 2015.

As part of his effort to set things right, Khosrowshahi extracted Sullivan’s resignation from Uber and also jettisoned Craig Clark, a lawyer who reported to Sullivan.

Clark didn’t immediately respond to a request for comment sent through his LinkedIn profile. Efforts to reach Sullivan were unsuccessful.

On Wednesday, New York Attorney General Eric Schneiderman’s office confirmed that it had opened an investigation into the data theft, but a spokeswoman wouldn’t comment further. New York law requires that companies notify the attorney general and consumers if data is stolen.

In London, Britain’s Deputy Information Commissioner James Dipple-Johnstone said Wednesday the company faces “higher fines” because it concealed the hack from the public.

The Information Commissioner’s Office and the National Cyber Security Center are working to gauge the severity of the problem for British Uber users.

Uber’s silence about its breach came while it was negotiating with the Federal Trade Commission about its handling of its riders’ information.

Earlier in 2016, the company reached a settlement with the New York attorney general requiring it to take steps to be more vigilant about protecting the information that its app stores about its riders. As part of that settlement, Uber also paid a $20,000 fine for waiting to notify five months about another data breach that it discovered in September 2014.
…

You can reach into your pocket and tell whether you’ve grabbed coins or keys, and now researchers in California have developed a robot with a similar level of tactile sensitivity. Faith Lapidus reports.
…

Uber Technologies Inc failed to disclose a massive breach last year that exposed the data of some 57 million users of the ride-sharing service, the company’s new chief executive officer said on Tuesday.

Discovery of the company’s handling of the incident led to the departure of two employees who led Uber’s response to the incident, said Dara Khosrowshahi, who was named CEO in August following the departure of founder Travis Kalanick. Khosrowshahi said he had only recently learned of the matter himself.

The company’s admission that it failed to disclose the breach comes as Uber seeks to recover from a series of crises that culminated in the Kalanick’s ouster in June.

“None of this should have happened, and I will not make excuses for it,” Khosrowshahi said in a blog post.

According to the company’s account, two individuals downloaded data from a web-based server at another company that provided Uber with cloud-computing services.

The data contained names, email addresses and mobile phone numbers of some 57 million Uber users around the world. The hackers also downloaded names and driver’s license numbers of some 600,000 of the company’s U.S. drivers, Khosrowshahi said in a blog post.

Bloomberg News reported that Uber’s chief security officer Joe Sullivan and a deputy had been ousted from the company this week because of their role in the handling of the incident. The company paid hackers $100,000 to delete the stolen data, according to Bloomberg.

Though such payoffs are rarely discussed in public, U.S. Federal Bureau of Investigation officials and private security companies have told Reuters in the past year that an increasing number of companies have made payments to criminal hackers who have turned to extortion.

None have previously come to light that aimed to suppress breaches that would have required public disclosure, such as those involving protected personal information. Sullivan did not immediately return messages seeking comment.

Sullivan, formerly the top security official at Facebook Inc, is a former federal prosecutor and one of the most admired security executives in Silicon Valley.

Kalanick learned of the breach a month after it took place, in November 2016, as the company was in negotiations with the U.S. Federal Trade Commission over the handling of consumer data, according to Bloomberg.

Uber representatives did not respond when asked to comment on the Bloomberg report.

Khosrowshahi said he had hired Matt Olsen, former general counsel of the U.S. National Security Agency, to help him figure out how to best guide and structure the company’s security teams and processes.

“While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes,” he said. “We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers.”

 
…

U.S. prosecutors charged an Iranian with hacking into computer systems of the cable TV channel HBO earlier this year, stealing information about the hit program “Game of Thrones” and attempting to extort millions of dollars from the company.

In an indictment Tuesday, prosecutors said 29-year-old Behzad Mesri has had ties to Iran’s military and is a member of an Iran-based hacking group known as the Turk Black Hat security team.

Mesril’s stolen material included video of unaired episodes of several original HBO shows, scripts and plot summaries of upcoming episodes of “Game of Thrones,” and confidential cast and crew contact information, according to the indictment.

Mesri claims to have stolen 1.5 terabytes of data from HBO.

Demanded $6 million in Bitcoin

In late July, Mesri emailed HBO executives on several occasions, threatening to release the material unless the entertainment company paid him $5.5 million worth of Bitcoin digital currency, a ransom amount he later increased to $6 million.

“Hi to all losers! Yes, it’s true.  HBO is hacked! Beware of heart attack!!!” he allegedly wrote in one anonymous email.  In another he bragged that “HBO was one of our difficult targets to deal with but we succeeded.”

After HBO refused to make a payment, Mesri allegedly posted portions of the stolen videos and five scripts from Game of Throne episodes on websites he controlled.

Mesri has not been arrested, and faces multiple charges, including wire fraud, which carries a maximum sentence of 20 years and one count of computer hacking, which could be punished with up to five years in prison.

More indictments expects

 The indictment is one of several cases involving Iranian suspects prosecutors plan to announce in the coming month, the Washington Post reported on Sunday, citing people familiar with the matter. In July, the Justice Department indicted two Iranian nationals with hacking a Vermont-based software company.

“Mesri now stands charged with federal crimes, and although not arrested today, he will forever have to look over his shoulder until he is made to face justice,” said Acting U.S. Attorney for the Southern District of New York Joon Kim.

Prosecutors allege that Mesri “had previously worked on behalf of the Iranian military to conduct computer network attacks that targeted military systems, nuclear software systems, and Israeli infrastructure.”

As a member of the Turk Black Hat, Mesri is alleged to have conducted hundreds of website defacements in the United States and elsewhere using the online pseudonym Skote Vahshat,  according to the indictment.

In a note to journalists, HBO said it had been “working with law enforcement from the early stages of the cyber incident.”

 
…

Federal Communications Commission Chairman Ajit Pai on Tuesday followed through on his pledge to repeal 2015 regulations designed to ensure that internet service providers treat all online content and apps equally, setting up a showdown with consumer groups and internet companies who fear the move will stifle competition and innovation.

The current rules, known as net neutrality, impose utility-style regulation on ISPs such as Comcast, AT&T and Verizon to prevent them from favoring their own digital services over those of their rivals.

Pai said that he believes the net neutrality rules adopted during the Obama administration discourage the ISPs from making investments in their network that would provide even better and faster online access.

“Under my proposal, the federal government will stop micromanaging the internet,” Pai said in a statement.

Pai distributed his alternative plan to other FCC commissioners Tuesday in preparation for a Dec. 14 vote on the proposal. He promised to release his entire proposal Wednesday.

The attempt to repeal net neutrality has triggered protests from consumer groups and internet companies. More than 22 million comments have been filed with the FCC about whether net neutrality should be rolled back.

The Internet Association, a group whose members include major internet companies such as Google and Amazon, vowed to continue to fight to keep the current net neutrality rules intact.

“Consumers have little choice in their ISP, and service providers should not be allowed to use this gatekeeper position at the point of connection to discriminate against websites and apps,” the group’s CEO Michael Beckerman said in a Tuesday statement.

Consumers Union predicted a repeal of net neutrality would allow ISPs to raise their prices and give preferential treatment to certain sites and apps.

“Strong net neutrality rules are vital to consumers’ everyday lives and essential to preserving the internet as we know it today _ an open marketplace where websites large and small compete on equal terms and where information and ideas move freely,” said Jonathan Schwantes, the advocacy group’s senior policy counsel.

Two of the FCC’s five voting commissioners signaled they will oppose Pai’s plan.

Commissioner Jessica Rosenworcel derided Pai’s plan as “ridiculous and offensive to the millions of Americans who use the internet every day.”

Commissioner Mignon L. Clyburn skewered Pai’s proposals as “a giveaway to the nation’s largest communications companies, at the expense of consumers and innovation.”

Rosenworcel and Clyburn are the lone Democrats on the FCC.

Pai’s proposal on net neutrality comes after the Republican-dominated commission voted 3-2 last week to weaken rules meant to support independent local media, undoing a ban on companies owning newspapers and broadcast stations in a single market.
…

Denmark intends to invest to boost efforts to prevent cyber attacks in a strategy to be presented early next year, its defense minister said on Tuesday.

“We are going to spend more money in this area,” Claus Hjort Frederiksen told Reuters on the sidelines of a conference in Copenhagen, though he declined to disclose a figure.

Cybersecurity is “very high on the agenda” for the right-leaning government, but also for the broad selection of Danish political parties negotiating a new defense strategy for the coming six years, he said.

The government would like to expand an early warning system with sensors that detects when Danish companies or authorities are under attack from, for example, malware.

“To some degree we do have a system today, but we would like to expand it to the strategic infrastructure and to private companies,” he told Reuters.

The government also wants to increase the preventive capacity at the Danish center for cybersecurity to increase its ability to better catch and inform about imminent cyber threats, he said.

World’s no.1 container shipper and one of Denmark’s largest companies Maersk was hit by major cyber attack in June, one of the biggest-ever disruptions to hit global shipping.

The government also works for a deeper cooperation between authorities and private companies in battling cyber attacks, Frederiksen said.

He said he believed companies were sometimes reluctant to inform they had been hit by cyber attacks, because they were afraid to scare off customers or investors.

Frederiksen said he saw the overall cyber threat as “one of the greatest threats of our time.”

“If you can undermine our democratic nations by hacking the energy systems or the communication systems or the financial systems it will undermine our own people’s belief in our societies’ ability to protect them,” he said.

Russia hacked the Danish defense network and gained access to employees’ emails in 2015 and 2016, Frederiksen said in April.

Danish troops will get training in how to deal with Russian misinformation before being sent to join a NATO military build-up in Estonia in January, Frederiksen said in July.

 
…