All posts by Connor Jones

WhatsApp Gold scam returns with ‘martinelli’ malware threat


Connor Jones

7 Jan, 2019

WhatsApp Gold, the scam that’s been hitting users’ phones since 2016, has once again surfaced, masquerading this time as a new update that hides a malware payload.

WhatsApp Gold has been confirmed by WhatsApp to be a hoax set up by scammers to convince users that by clicking on the link users can receive an update to a new form of WhatsApp. Some previous iterations have attempted to convince users that the new version is exclusive and previously only available to celebrities.

The latest message to do the rounds reads: “Today the radio was talking about WhatsApp Gold and it is true. There is a video that will be released tomorrow on WhatsApp and is called Martinelli. Do not open it. Enter your phone and nothing you do will fix it. Spread the message if you know someone. If you receive a message to update Whatsapp Gold Do not open it! They just announced that the virus is serious. Send it to everyone.”

While the message only hints at the idea of WhatsApp Gold, there is no such service in existence. What’s more, it seems the purpose of the message is also to spread fear about a potential malware threat known as ‘Martinelli’ – again, no such video exists.

It isn’t the first time we’ve heard of ‘martinelli’ either. Back in 2017, a similar pseudo-warning was circulated around the messaging app claiming that a video called ‘martinelli’ would download malware to the user’s device if it was opened when in fact, no such video existed.

WhatsApp Gold has used various means to convince users that the link provided was genuine from the promise of free flights to scare tactics such as convincing the user was hacked and that their phone number would be changed imminently.

The original, poorly constructed message distributed in 2016 read: “Hey Finally Secret WhatsApp golden version has been leaked, This version is used only by big celebrities. Now we can use it too.”

It’s important to stay savvy when receiving messages from unknown contacts in any messaging service. The same awareness of phishing emails must be applied to everything you receive on the web.

Any updates to WhatsApp will usually occur automatically, or through your device’s app store. If it looks too good to be true then it probably is and you should never open links from an unidentified source.

If you have encountered the message, the best course of action is to ignore it and delete it promptly.

Google Cloud says it won’t sell general facial recognition software


Connor Jones

17 Dec, 2018

Google Cloud has announced that it will not sell general-purpose AI-driven facial recognition technology until the technology is polished and concerns over data protection and privacy have been addressed in law.

“Google has long been committed to the responsible development of AI. These principles guide our decisions on what types of features to build and research to pursue,” said Kent Walker, SVP of global affairs at Google. “Facial recognition merits careful consideration to ensure its use is aligned with our principles and values and avoids abuse and harmful outcomes.

“Google Cloud has chosen not to offer general-purpose facial recognition APIs before working through important technology and policy questions,” he added.

It’s unclear what these questions are or what needs reworking in the technology, but Walker believes that AI can benefit good causes such as “new assistive technologies and tools to help find missing persons”. But despite that, recent movements argue that facial recognition tech needs regulating.

The announcement follows news surfacing about the tech community, specifically AI researchers, lawmakers and technology companies, forming a rare consensus regarding the regulation of facial recognition technology.

The Algorithmic Justice League and the Center of Privacy & Technology at Georgetown University Law Center unveiled the Safe Face pledge earlier this month which aims to get big AI developers to commit to limiting the sale of their tech, including to law enforcement, unless specific laws have been debated and implemented.

The call to action was initiated because of the rising concern around the bias and mass surveillance risks associated with facial recognition technology deployed on a commercial scale.

Notable signatures on the pledge have so far come from leading researchers and esteemed figures in the tech community but none of the big developers, such as Microsoft, Amazon or Google, have committed as of yet.

This could be because multi-billion dollar contracts are at stake for vendors that develop the first marketable tech in emerging fields such as AI-driven video analysis, according to market researcher IHS Markit. Video surveillance technology is already a market worth $18.5 billion and with AI making the analysis more efficient, it would be unwise for any of the big developers to walk away.

“There are going to be some large vendors who refuse to sign or are reluctant to sign because they want these government contracts,” said Laura Moy to Bloomberg, executive director of the Center on Privacy & Technology.

Sundar Pichai, CEO of Google announced back in June a set of AI principles following the mass backlash from Google’s staff after its AI tech was being used by the Pentagon’s drone program in Project Maven.

The seven principles were drafted to ensure Google develops AI tech in an ethical way and following its publication, Google announced that it would not renew the Pentagon’s drone contract.

The same principles have influenced its decision to not market general-purpose facial recognition APIs. One of its AI principles is to avoid creating or reinforcing unfair bias, something current tech has shown to have issues with, specifically with errors around the detection of skin colours other than white.

It’s unclear whether the necessary laws that are needed for the technology’s implementation will arrive any time soon. Brad Smith, president of Microsoft and chief legal officer put the chances of federal legislation in 2019 at 50-50, in a televised Bloomberg interview.

He predicts that if law comes, it will most likely come as part of a broader privacy bill, adding that there is a much better chance of getting a state or city law drafted first. If that was drafted in a more influential state, such as California, it could spur major vendors to change the way they develop AI in a way that tackles key issues.

Despite the current flaws in facial recognition tech, it can be used for good. In Kent Walker’s blog post, he detailed Google’s AI and how it’s being used to treat diabetic retinopathy, a condition that affects one in three diabetics, causing blindness.

The new technology, which has been in development for years, can detect early signs of diabetic retinopathy before it damages the patient’s sight, with the same accuracy as an ophthalmologist.

Specifically targeting underserved regions such as Thailand where there are only 1,400 eye doctors for 5 million diabetics, the AI technology can help perform screens for early signs of the condition in a country where screening rarely takes place.

Fears mount around Russian influence over Pentagon cloud data contract


Connor Jones

12 Dec, 2018

AWS is leading the bid for the Pentagon's JEDI (Joint Enterprise Defense Infrastructure) contract to store sensitive military data in a commercial cloud and it's is linked to a bidding partner bearing connections to a sanctioned Russian oligarch.

The <em>BBC</em> reported that AWS is being helped by cyber investment firm C5 Group to secure the <a href="https://www.cloudpro.co.uk/it-infrastructure/cloud-management/7711/googl… target="_blank">multi-billion dollar contract</a> which could see data such as nuclear codes being stored in the cloud.

C5 Group is linked with Viktor Vekselberg, a Kremlin associate who has recently been sanctioned by the US for having close ties with the <a href="https://www.cloudpro.co.uk/it-infrastructure/security/7490/kaspersky-to-… target="_blank">Kremlin</a>.

Vekselberg "poses a risk to the US", said Michael Carpenter, former Pentagon official: "Any oligarch in Russia, when called upon by the Kremlin, to do their bidding will do so, and that is the condition that they keep their wealth."

Vekselberg's former right-hand man Vladimir Kuznetsov is a major shareholder in a C5 subsidiary, C5 Razor Bdico but apparently became one through his own volition, using his own money without instruction from Vekselberg.

Veksleberg was sanctioned by the US and soon after he was stopped before boarding a flight in New York on suspicion of his involvement in Russia's interference in the 2016 Presidential election. His electronic devices were seized but denied any wrongdoing.

It emerged earlier this year that Columbus Nova, a company affiliated with Renova Group had paid £500,000 to Michael Cohen, Donald Trump's lawyer at the time. Renova Group is Russian conglomerate which until April 2018, had Vladimir Kuznetsov on its board.

The fears of Veksleberg's connection to a leading bidder stem from the fact that he could have influence over a company which could hold as much as 80% of all US military sensitive data including nuclear launch codes and military personnel locations, some <a href="https://www.theregister.co.uk/2018/12/11/oracle_sues_pentagon_jedi/" target="_blank">reports</a> suggest. It's logical to fear what Russia could do with access to military data, especially considering how successful it was in the election tampering.

Disclosure of bidding companies is prohibited so the Pentagon has declined to comment, while both AWS and C5 Group have said the pair are not involved in the bidding process at all, contrary to the <em>BBC</em> reports.

The JEDI contract was devised to help the US compete with China and Russia, US Major General David Krumm who helped draft the contract said it would help the US win wars.

Speaking at the contract's launch, he said: "The information has to be available to an army platoon that a friendly unit is just around the block and will not open fire.

"It's got to be available to a platoon of Marines who are about to breach a door that an IED has been found."

There are fears that if the Pentagon's IT systems are not updated soon they will lose a future war. As of now, the data which is due to be moved into the cloud is stored on smaller servers in different departments around the Pentagon, having the data in one place would, in theory, make data sharing much more efficient.

Other criticisms of the contract come from a more commercial standpoint, with Oracle earlier in the year voicing its concerns about how Amazon has an unfair advantage in securing the contract and that the deal was <a href="https://www.bloomberg.com/news/articles/2018-04-04/oracle-s-catz-is-said… target="_blank">tailor-made for it</a>.

<a href="https://www.cloudpro.co.uk/saas/7752/microsoft-explains-why-it-still-sel… target="_blank">Microsoft</a> also joined Oracle in the Department of Defence's complaints pile, claiming that limiting the contract to one vendor means the Pentagon would miss out on emerging technology from other cloud companies.

Google Cloud’s Security Command Centre enters beta phase


Connor Jones

6 Dec, 2018

Google Cloud has announced its Cloud Security Command Centre (SCC), previously revealed back in March, is now available in beta to Google Cloud Platform (GCP) customers.

The Cloud SCC, according to Google Cloud, is the first of its kind to be offered by a major cloud provider which offers organization-level visibility into assets, vulnerabilities, and threats. Essentially, the new service provides a user-friendly hub for all levels of a business to access and assess data security events from across its network.

Data can be accessed through a simple dashboard which allows for fast detection of security risks and possible vulnerabilities. This can include overly permissive firewalls and alerts relating to possible compromise leading to coin mining.

The Cloud SCC gives users a comprehensive overview of all cloud assets across GCP services, allowing the viewing of resources across the whole GCP organisation or for just specific projects. It also allows users to make changes such as setting up automatic notifications after a policy change is made to a network firewall, which then needs to be reverted at a late date.

Another interesting feature about the Cloud SCC is that it provides an overview of not just Google Cloud security services such as Foresti and Cloud Security Scanner, but for third-party services too if the business has those implemented alongside Google Cloud services.

The features also work to streamline the experience of detecting security risks in the business by having all assets feed information into one dashboard, without having to visit separate consoles or cloud environments. Third-party tools can also be directly accessed through Cloud SCC to help speed remediation efforts.

The SCC will also provide coverage across Cloud Datastore, Cloud DNS, Cloud Load Balancing, Cloud Spanner, Container Registry, Kubernetes Engine, and Virtual Private Cloud, the company confirmed.

The tool is similar in function to the Shield platform currently being developed by Box, announced in August. Box is betting on machine learning-based security as a major selling point of the platform, which will also give admins a detailed overview of a company’s security portfolio.

Set to be released in 2019, Box Shield will allow security analysts to check to see what content is being accessed, who is accessing it, and whether sensitive data is being downloaded.

NHS patient records to be stored in AWS cloud platform


Connor Jones

3 Dec, 2018

EMIS Group, one of the UK’s major healthcare suppliers, will migrate one of its core services to Amazon’s cloud service.

EMIS, among other things, make EMIS Web, a flagship product of EMIS’s which 56% of all GPs in the country rely on to provide care to patients. The service will be migrated to Amazon Web Service (AWS) as EMIS-X, a new and optimised cloud-based version of the software.

Packed with new features, EMIS-X uses a range of new technologies, including AI-driven voice recognition to automatically interpret patient-clinician conversations and respond with appropriate data from the patient’s records or to provide suggestions for treatment.

“We see millions of hours currently spent by patients and staff in repeating information at each stage of the patient’s healthcare journey being eliminated and the management of medicines in pharmacy being revolutionised by better insight and more efficient services delivered through EMIS-X,” said Andy Thorburn, EMIS Group CEO in a statement.

It will also support a video consultation feature following the rollout of Babylon, another NHS service of this type, which will allow patients to remotely have a GP appointment, without having to leave their home.

But how will the firm transfer 40 million of the sensitive patient records to the new platform safely?

Speaking to IT Pro, a spokesperson said: “For security reasons, we cannot disclose exactly how the records will be migrated, but can report that the method is highly secure, fully certified, and has been used for migration of critical data by the U.K. and other government departments. Copying records will take only a few weeks, but EMIS will operate dual data sources (with bi-directional updating) for some time to ensure service continuity.”

The software which is used by over 10,000 UK organisations will reportedly migrate slowly, on a module-by-module basis which suggests it’s taking the protection of data seriously.

The firm emphasised the importance it’s placing on data protection by mentioning the “unprecedented levels of protection for patient data, including strong encryption of sensitive data” that the service will provide, Thorburn said.

“From the start, EMIS Group has led the way in interoperability and we have been working closely with clinicians and other customers during 2018 to develop EMIS-X. We believe it is the blueprint for the future of connected healthcare in the UK.”

Federated Appointments is another new feature that will be rolled out in the new cloud-based variant. The feature allows clinicians to more easily search for appointments, such as an MRI scan, at a convenient location for the patient, waving goodbye to appointments made in other counties with unrealistic travel times.

This feature also transcends other healthcare software. If your local hospital doesn’t run EMIS-X but has the closest available appointment, that appointment will still be booked, even if your GP does run EMIS-X.

EMIS Web, its current software, allows medical professionals to make alterations to Electronic Patient Records (ERPs) whether they work in primary, secondary or specialist healthcare organisations promoting more consistent care for patients between healthcare providers.

It’s not clear at this time how long it will take to implement the new cloud-based service as the proposal needs to be approved by NHS Digital but from what the company are saying, it sounds like it will be a gradual migration process.

The NHS has embarked on a massive digital transformation in the past year, delivering new technology as a result of increased funding in a variety of areas. The controversial Babylon chatbot app, the NHS app and the new multi-million pound AI application to cancer detection and treatments have all made headlines in an effort to make healthcare in the UK more efficient.

“Late diagnosis of otherwise treatable illnesses is one of the biggest causes of avoidable deaths,” PM Theresa May said in a speech on the government’s industrial strategy. “The development of smart technologies to analyse great quantities of data quickly and with a higher degree of accuracy than is possible by human beings opens up a whole new field of medical research and gives us a new weapon in our armoury in the fight against disease.”

Earlier this year, the NHS also announced a slew of smaller, separate initiatives over the course of the year geared towards transforming aspects of the health service. These include a huge funding injection to local councils to help social care recipients and commitment to get private medical data to augment its own patient records.

British Airways sues data centre supplier for 2017 outage


Connor Jones

22 Nov, 2018

British Airways has filed a lawsuit against CBRE after blaming it for a 2017 IT failure that left 75,000 passengers stranded.

A fault in a system belonging to CBRE, an American outsourcing company that manages BA’s data centres, is thought to have led to the massive outage at Heathrow Airport that forced the cancellation of dozens of flights last year. BA has started legal proceedings against the company, which will be heard at the High Court, according to reports.

The outage in May 2017 resulted in the cancellation of 672 flights and left tens of thousands of passengers stranded. Passenger check-in and operating systems were also affected, and disruption to communications meant that the airline also struggled to locate and contact staff.

In a separate incident earlier this year, BA suffered further IT issues at Heathrow’s terminal five which led to the complete halt of all its flights. Passengers were advised to book overnight accommodation; the airline’s online check-in service was also down.

Willie Walsh, CEO of International Airlines Group, parent company of British Airways, estimated the incident may have cost BA as much as £58 million.

At the time Walsh claimed an engineer had mistakenly switched off the power supply to one of the company data centres which was then turned back on in an uncontrolled fashion, according to the Financial Times.

A BA spokesperson told IT Pro at the time of incident: “There was a loss of power to the UK data centre which was compounded by the uncontrolled return of power which caused a power surge taking out our IT systems. So we know what happened, we just need to find out why. It was not an IT failure and had nothing to do with outsourcing of IT, it was an electrical power supply which was interrupted.”

Speaking at a transport conference in Mexico, Walsh said “it’s very clear to me that you can make a mistake in disconnecting the power … It’s difficult for me to understand how to make a mistake in reconnecting the power”.

BA swiftly announced a thorough investigation was to be carried out into the incident to determine the true cause of the outage.

Speaking to IT Pro at the time, CBRE said “we are the manager of the facility for our client BA and fully support its investigation. No determination has been made yet regarding the causes of the incident on May 27”.

BA has appointed London law firm Linklaters to bring the case against CBRE. BA and Linklaters are reportedly declining to comment at the time, CBRE also refused to comment.

Google invests $700 million in carbon-neutral Danish data centre


Connor Jones

21 Nov, 2018

Google has announced plans to build a cutting-edge, carbon neutral data centre in Fredericia, Denmark, matching any energy consumed with 100% carbon-free energy.

Google will be investing almost $700 million in the new site, the location of which was chosen due to the country’s high-quality digital infrastructure and support for renewable energy. Nordic countries are renowned for their use of cheap renewable energy sources including hydropower and wind, so it’s no surprise more tech giants are setting up shop in Scandinavia.

Google’s European data centres typically use one-third less energy than its sites elsewhere in the world, but the tech giant is still on a quest to use less. It will be seeking out new investment opportunities in Danish renewable energy projects called Power Purchase Agreements, it said. 

“At Google, we aim to support the communities that surround our facilities, and in the last few years we’ve invested almost 3.4 million euro in grants to initiatives that build the local skills base – like curriculum and coding programs, as well as educational support through teaching collaborations at area colleges. We’ll also introduce initiatives like these in Fredericia,” said Joe Kava, Vice President of data centres in yesterday’s announcement.

The new data centre in Fredericia will be one of the most advanced and energy efficient in the company’s arsenal, implementing advanced machine learning to ensure every watt of power is used effectively and efficiently.

“In a dynamic environment like a data center, it can be difficult for humans to see how all of the variables–IT load, outside air temperature, etc.-interact with each other. One thing computers are good at is seeing the underlying story in the data,” Joe Kava said in a blog post. Using finely-tuned models designed by Google’s engineers, it is able to maximise PUE (Power Usage Effectiveness).

This isn’t the first time in recent months that Google has hit the headlines for its work in renewable energy. Back in May 2018, the company announced a partnership with Eon to provide a new service which aimed to help UK homeowners save money by switching to solar panels.

The service uses machine learning to assess data points including roof area and angle to determine a house’s solar potential.

Even more recently, and continuing on the Nordic theme, Google signed a 10-year deal back in September 2018 agreeing to buy renewable energy from three new wind farms in Finland which it will use to power one of its data centres. It was the first instance where the company agreed to buy power while not receiving any government subsidies.

Microsoft launches Azure-based blockchain development kit


Connor Jones

19 Nov, 2018

Microsoft has released a blockchain development kit for its Azure platform, designed with smooth integration between blockchain and its third-party SaaS in mind.

The company said the tools are widely used by businesses taking their first steps towards reinventing the way they do business. The technology and tools have already been used to create projects such as democratising supply chain financing in Nigeria to tracking British crops from farm to fork.

This iteration of the SDK will focus on three key areas: creating connections between blockchain and other interfaces involved in the business process such as mobile clients and IoT; integration with data, software, and media that lives “off chain” such as office documents and CAD files; deploying smart contracts for implementation with business networks.

“This kit extends the capabilities of our blockchain developer templates and Azure Blockchain Workbench, which incorporates Azure services for key management, off-chain identity and data, monitoring, and messaging APIs into a reference architecture that can be used to rapidly build blockchain-based applications,” Said Marc Mercuri, principal program manager at Microsoft’s Blockchain Engineering division, in a blog post.

The kit is designed to streamline processes and lower the barrier to entry for developers wanting to create end-to-end blockchain applications.

“The Azure Blockchain Development Kit is the next step in our journey to make developing end to end blockchain applications accessible, fast, and affordable to anyone with an idea,” said Mecuri. “It is built atop our investments in blockchain and connects to the compute, data, messaging, and integration services available in both Azure and the broader Microsoft Cloud to provide a robust palette for a developer to realize their vision.”

This announcement follows plans for another blockchain project earlier this year – to provide decentralised IDs (DIDs) via an Authenticator app. After thinking about how users grant consent to a myriad of apps and services, users should have something that allows them to easily control access their digital identity, Ankur Patel, principal programme manager at Microsoft’s Identity Division, said. Microsoft said it has explored a range of different decentralised storage systems, but found blockchains provided the most robust protocols for enabling DIDs.

Cisco defies market shift to cloud with rising hardware sales


Connor Jones

15 Nov, 2018

Cisco has said increased demand for its router hardware as well as a surging software business has led to an unexpected jump in year over year revenue and profits, according to a earnings report released on Wednesday.

Demand for its hardware had been declining as customers frequently turned towards cloud services provided by the likes of Amazon and Microsoft. However, revenue for its hardware unit rose 9% to $7.64 billion, beating analyst expectations of $7.39 billion, according to Reuters.

The company recently immersed itself in the software and cyber security market following a decreased demand for its hardware, resulting in the $2.35 billion acquisition of cyber security provider Duo Security back in August. Wednesday’s report showed revenue for its application software business had risen 18% to $1.42 billion for the year, while security sales, which include its firewall protection and breach detection services, were up 11% to $651 million.

“We had a strong start to fiscal 2019 and we believe our opportunity has never been greater,” said Chuck Robbins, chairman and CEO of Cisco.

“Our customers are looking to Cisco as a trusted partner to help them operate in a multi-cloud world and to transform their businesses. Our strategy is working and we are well positioned with our growing and differentiated portfolio across multiple domains to bring our customers a more secure, automated and simple IT infrastructure.”

The company’s shares which forecast unexpected growth in revenue, were also up 4% in extended trading, contributing to a near 16% gain for the year.

Cisco revealed that subscriptions were running steady, providing consistent revenue flow with 57% of total software revenue in the first quarter, following the previous quarter’s 56%.

“We executed well, with broad-based growth across all of our geographies, product categories and customer segments, and delivered 8% revenue growth and 23% non-GAAP EPS growth,” said Kelly Kramer, CFO of Cisco. “We are seeing the returns on our investments in innovation as we continue to transform our business model.”

This welcome news follows its big announcement at its recent 2018 Partner Summit in Las Vegas. Cisco will be offering a range of its security products across its SD-WAN management portal by the end of the year. This includes new firewall services, an intrusion protection system (IPS), URL filtering and its cloud-based security from Cisco Umbrella.

The company said it was responding to the biggest market shift in networking for the past 20 years.

Oracle opts for UK AI expansion due to ‘wealth of local talent’


Connor Jones

15 Nov, 2018

Oracle has announced an expansion to its AI programme in the UK, pledging to double the size of its development team at its site in Reading.

The company said it will take advantage of the wealth of local talent available and hire a new generation of data scientists and architects.

Oracle’s industry-leading technology has benefited many businesses, including the NHS Business Services Authority (NHSBSA) which used Oracle’s AI tools help the NHS and other clients make better-informed treatment decisions for patients.

Using their DALL built using Oracle AI tools, the NHSBSA was able to retrieve £581 million of savings for the NHS to re-invest in patient care.

“Our expansion in the UK reflects the region’s strong technology talent,” said Oracle CEO Safra Catz. “The global AI development hub in Reading accelerates innovation and helps customers take advantage of these critical emerging technologies by making them pervasive throughout our cloud offerings.”

It’s the latest endorsement to the UK’s surging AI industry. In April, the UK Government announced its AI Sector Deal – a £1 billion funding package backed by 50 leading businesses and organisations. Japanese venture capital firm Global Brain has also announced its plans to open its European HQ in the UK and invest £35 million in British AI start-ups, while Vancouver-based Chrysalix has also pledged to plough £110 million into AI and robotics enterprises throughout the country.

Professional services firms Accenture and PwC agree that the country’s GDP will be 10.3% higher come 2030, so it’s no surprise the country is getting a massive surge of investment.

“We are already Europe’s leading tech hub, with global firms and thriving startups choosing the UK as the place to grow their business and create high-skilled jobs,” said UK Government Digital Secretary Jeremy Wright, in response to Oracle’s decision. “We are a world leader in artificial intelligence and our modern Industrial Strategy puts pioneering technologies at the heart of our plans to build a Britain fit for the future.”

However, recent reports suggest the UK faces a brain drain when it comes to technology students, particularly given the lure of highly paid jobs in the US. A report in September found that only one in seven post-graduate students or research graduates are joining a UK tech startup after their studies. Also, around a third of leading machine learning and AI specialists have left the UK for work at Silicon Valley tech companies.

The UK government is hoping to put a plaster over the bleeding talent in the country with its AI Sector deal which promises to invest £17 million into AI development at British universities.

“The UK is one of the world’s leading technology nations and is recognised as a place where ingenuity and entrepreneurship can flourish,” said Sam Gyimah, the Science Minister, speaking on the brain drain issue.

“We are a beacon for global talent, and as part of our modern industrial strategy, through our £1 billion AI sector deal, we are capitalising on the UK’s global advantage in artificial intelligence.”