The Courts

Discord Leaker Jack Teixeira Pleads Guilty, Seeks Light 11-Year Sentence (arstechnica.com) 50

An anonymous reader quotes a report from Ars Technica: Jack Teixeira, the National Guard airman who leaked confidential military documents on Discord, agreed Monday to plead guilty, promising to cooperate with officials attempting to trace the full extent of government secrets leaked. Under the plea deal, Teixeira will serve a much-reduced sentence, The Boston Globe reported, recommended between 11 years and 16 years and eight months. Previously, Teixeira had pleaded not guilty to six counts of "willful retention and transmission of national defense information," potentially facing up to 10 years per count. During a pretrial hearing, prosecutors suggested he could face up to 25 years, The Globe reported.

By taking the deal, Teixeira will also avoid being charged with violations of the Espionage Act, The New York Times reported, including allegations of unlawful gathering and unauthorized removal of top-secret military documents. According to prosecutors, it was clear that Teixeira, 22, was leaking sensitive documents -- including national security secrets tied to US foreign adversaries and allies, including Russia, China, Ukraine, and South Korea -- just to impress his friends on Discord -- some of them teenage boys. Investigators found no evidence of espionage. US District Judge Indira Talwani will decide whether or not to sign off on the deal at a hearing scheduled for September 27.

Government

White House Looks To Curb Foreign Powers' Ability To Buy Americans' Sensitive Personal Data With Executive Order (cnn.com) 117

President Joe Biden will issue an executive order on Wednesday aimed at curbing foreign governments' ability to buy Americans' sensitive personal information such as health and geolocation data, according to senior US officials. From a report: The move marks a rare policy effort to address a longstanding US national security concern: the ease with which anyone, including a foreign intelligence service, can legally buy Americans' data and then use the information for espionage, hacking and blackmail. The issue, a senior Justice Department official told reporters this week, is a "growing threat to our national security."

The executive order will give the Justice Department the authority to regulate commercial transactions that "pose an unacceptable risk" to national security by, for example, giving a foreign power large-scale access to Americans' personal data, the Justice Department official said. The department will also issue regulations that require better protection of sensitive government information, including geolocation data on US military members, according to US officials. A lot of the online trade in personal information runs through so-called data brokers, which buy information on people's Social Security numbers, names, addresses, income, employment history and criminal background, as well as other items.

"Countries of concern, such as China and Russia, are buying Americans' sensitive personal data from data brokers," a separate senior administration official told reporters. In addition to health and location data, the executive order is expected to cover other sensitive information like genomic and financial data. Administration officials told reporters the new executive order would be applied narrowly so as not to hurt business transactions that do not pose a national security risk.
The White House's press release.
United States

Wikileaks Founder in Last-Ditch Bid To Avoid US Extradition (bbc.com) 215

An anonymous reader shares a report: Lawyers for Julian Assange have launched what could be his final bid to avoid extradition to the US to face trial over leaking military secrets. The two-day hearing at the High Court in London is hearing his team argue he should be allowed a full appeal. Edward Fitzgerald KC told the court his client was being prosecuted "for engaging in ordinary journalistic practice." If an appeal is turned down, Mr Assange could be handed over within weeks.

Supporters of the Wikileaks founder say he exposed wrongdoing, but the US says Mr Assange put lives at risk. The case is being heard by two judges, Dame Victoria Sharp and Mr Justice Johnson. As the hearing got under way, Mr Fitzgerald told them his client was "being prosecuted for engaging in ordinary journalistic practice of obtaining and publishing classified information, information that is both true and of obvious and important public interest." He also confirmed that Mr Assange would not be attending court as he is unwell. Some supporters of Assange started gathering outside court hours ahead of Tuesday's hearing, waving placards featuring the words "Drop the charges."

AI

Scientists Propose AI Apocalypse Kill Switches 104

A paper (PDF) from researchers at the University of Cambridge, supported by voices from numerous academic institutions including OpenAI, proposes remote kill switches and lockouts as methods to mitigate risks associated with advanced AI technologies. It also recommends tracking AI chip sales globally. The Register reports: The paper highlights numerous ways policymakers might approach AI hardware regulation. Many of the suggestions -- including those designed to improve visibility and limit the sale of AI accelerators -- are already playing out at a national level. Last year US president Joe Biden put forward an executive order aimed at identifying companies developing large dual-use AI models as well as the infrastructure vendors capable of training them. If you're not familiar, "dual-use" refers to technologies that can serve double duty in civilian and military applications. More recently, the US Commerce Department proposed regulation that would require American cloud providers to implement more stringent "know-your-customer" policies to prevent persons or countries of concern from getting around export restrictions. This kind of visibility is valuable, researchers note, as it could help to avoid another arms race, like the one triggered by the missile gap controversy, where erroneous reports led to massive build up of ballistic missiles. While valuable, they warn that executing on these reporting requirements risks invading customer privacy and even lead to sensitive data being leaked.

Meanwhile, on the trade front, the Commerce Department has continued to step up restrictions, limiting the performance of accelerators sold to China. But, as we've previously reported, while these efforts have made it harder for countries like China to get their hands on American chips, they are far from perfect. To address these limitations, the researchers have proposed implementing a global registry for AI chip sales that would track them over the course of their lifecycle, even after they've left their country of origin. Such a registry, they suggest, could incorporate a unique identifier into each chip, which could help to combat smuggling of components.

At the more extreme end of the spectrum, researchers have suggested that kill switches could be baked into the silicon to prevent their use in malicious applications. [...] The academics are clearer elsewhere in their study, proposing that processor functionality could be switched off or dialed down by regulators remotely using digital licensing: "Specialized co-processors that sit on the chip could hold a cryptographically signed digital "certificate," and updates to the use-case policy could be delivered remotely via firmware updates. The authorization for the on-chip license could be periodically renewed by the regulator, while the chip producer could administer it. An expired or illegitimate license would cause the chip to not work, or reduce its performance." In theory, this could allow watchdogs to respond faster to abuses of sensitive technologies by cutting off access to chips remotely, but the authors warn that doing so isn't without risk. The implication being, if implemented incorrectly, that such a kill switch could become a target for cybercriminals to exploit.

Another proposal would require multiple parties to sign off on potentially risky AI training tasks before they can be deployed at scale. "Nuclear weapons use similar mechanisms called permissive action links," they wrote. For nuclear weapons, these security locks are designed to prevent one person from going rogue and launching a first strike. For AI however, the idea is that if an individual or company wanted to train a model over a certain threshold in the cloud, they'd first need to get authorization to do so. Though a potent tool, the researchers observe that this could backfire by preventing the development of desirable AI. The argument seems to be that while the use of nuclear weapons has a pretty clear-cut outcome, AI isn't always so black and white. But if this feels a little too dystopian for your tastes, the paper dedicates an entire section to reallocating AI resources for the betterment of society as a whole. The idea being that policymakers could come together to make AI compute more accessible to groups unlikely to use it for evil, a concept described as "allocation."
Security

DOJ Quietly Removed Russian Malware From Routers in US Homes and Businesses (arstechnica.com) 71

An anonymous reader shares a report: More than 1,000 Ubiquiti routers in homes and small businesses were infected with malware used by Russian-backed agents to coordinate them into a botnet for crime and spy operations, according to the Justice Department. That malware, which worked as a botnet for the Russian hacking group Fancy Bear, was removed in January 2024 under a secret court order as part of "Operation Dying Ember," according to the FBI's director. It affected routers running Ubiquiti's EdgeOS, but only those that had not changed their default administrative password. Access to the routers allowed the hacking group to "conceal and otherwise enable a variety of crimes," the DOJ claims, including spearphishing and credential harvesting in the US and abroad.

Unlike previous attacks by Fancy Bear -- that the DOJ ties to GRU Military Unit 26165, which is also known as APT 28, Sofacy Group, and Sednit, among other monikers -- the Ubiquiti intrusion relied on a known malware, Moobot. Once infected by "Non-GRU cybercriminals," GRU agents installed "bespoke scripts and files" to connect and repurpose the devices, according to the DOJ. The DOJ also used the Moobot malware to copy and delete the botnet files and data, according to the DOJ, and then changed the routers' firewall rules to block remote management access. During the court-sanctioned intrusion, the DOJ "enabled temporary collection of non-content routing information" that would "expose GRU attempts to thwart the operation." This did not "impact the routers' normal functionality or collect legitimate user content information," the DOJ claims. "For the second time in two months, we've disrupted state-sponsored hackers from launching cyber-attacks behind the cover of compromised US routers," said Deputy Attorney General Lisa Monaco in a press release.

Privacy

US Military Notifies 20,000 of Data Breach After Cloud Email Leak (techcrunch.com) 11

An anonymous reader quotes a report from TechCrunch: The U.S. Department of Defense is notifying tens of thousands of individuals that their personal information was exposed in an email data spill last year. According to the breach notification letter sent out to affected individuals on February 1, the Defense Intelligence Agency -- the DOD's military intelligence agency -- said, "numerous email messages were inadvertently exposed to the Internet by a service provider," between February 3 and February 20, 2023. TechCrunch has learned that the breach disclosure letters relate to an unsecured U.S. government cloud email server that was spilling sensitive emails to the open internet. The cloud email server, hosted on Microsoft's cloud for government customers, was accessible from the internet without a password, likely due to a misconfiguration.

The DOD is sending breach notification letters to around 20,600 individuals whose information was affected. "As a matter of practice and operations security, we do not comment on the status of our networks and systems. The affected server was identified and removed from public access on February 20, 2023, and the vendor has resolved the issues that resulted in the exposure. DOD continues to engage with the service provider on improving cyber event prevention and detection. Notification to affected individuals is ongoing," said DOD spokesperson Cdr. Tim Gorman in an email to TechCrunch.

United States

The US Military is Embedded in the Gaming World. Its Target: Teen Recruits (theguardian.com) 109

The U.S. Navy has ramped up efforts to recruit young gamers and esports fans to meet recruitment goals, allocating up to $4.3 million this year for esports marketing. This includes hosting video game tournaments and having sailors compete as the esports team "Goats & Glory." Critics argue targeting minors for military marketing normalizes war and raises ethical concerns, The Guardian reports. While the military cannot formally recruit those under 17, advertising and direct interaction with minors for recruitment purposes is permitted. Veterans groups oppose this, noting the military relies on gaming's appeal to young teens, whose brains are still developing, to influence future decisions about military service, the report adds.
The Military

Is the US Space Force Researching Space-Based Solar Power? (cleantechnica.com) 38

The "technology building blocks" for space solar are already available, reports Clean Technica. "It's just a matter of scaling, systems integration, and adjustments for space-hardiness."

And several groups are looking at it — including the U.S. Space Force. To help push costs down, the California Institute of Technology has proposed a sandwich-type solar module that integrates solar harvesting along with conversion to a radio frequency into one compact package, accompanied by a built-in antenna. Last month researchers at the school wrapped up a months-long, in-space test of different types of solar cells. Another approach is illustrated by the Michigan startup Virtus Solis, an industry partner of the University of Bristol. Last June the company and the school received £3.3 million in funding from the UK Net Zero Innovation program, for developing an open-source model for testing the performance of large, centralized antennas in space. "The concept depends upon the use of gigascale antenna arrays capable of delivering over 2GW of power from space onto similar gigascale antenna arrays either at sea or on the ground," the school explained.

As for how such a thing would be launched into space, that's where the U.S. Space Force comes in. Last August, the Space Force awarded a small business contract to the U.S. startup Orbital Composites. The company is tasked with the mission of developing its patented "quantum antenna" and in-space fabrication tools for secure communications in space applications, including space-to-space as well as space-to-Earth and vice versa. The basic idea is to let 3D printing do much of the work in space. According to Orbital, in-space fabrication would save more than 100 times the cost of applying conventional fabrication methods to large-scale orbiting antennas. "By harnessing the potential of In-Space Servicing, Assembly, and Manufacturing (ISAM), the company eyes the prospect of creating significantly larger space antennas," Orbital Composites explains. "By fabricating antennas in space, larger and more complex designs are possible that eliminate the constraints of launch and rocket fairings...."

If you're guessing that a hookup between Virtus and Orbital is in the works, that's a good guess. On February 1, at the SpaceCOM conference in Orlando, Florida, Virtus Solis let slip that it is working with Orbital Composites on a space solar pilot project. If all goes according to plan, the project will be up and running in 2027, deploying Virtus's robot-enabled fabrication system with Orbital's 3D printing. As of this writing the two companies have not posted details, but Space News picked up the thread. "The 2027 mission is designed to showcase critical power-generation technologies including in-space assembly of solar panels and transmission of more than one kilowatt to Earth," Space News explained. "The news release calls the 2027 mission "a precursor to large-scale commercial megawatt-class solar installations in space by 2030...."

To be clear, Orbital's press release about its new Space Force quantum antenna contract does not mention anything in particular about space solar. However, the pieces of the puzzle fit. Along with the Virtus and Grumman connections, in October of 2022 Orbital won a small business contract through SpaceWERX, the Space Force's innovative technologies funding arm, to explore the capabilities of ISAM systems.

"SpaceWERX comes under the umbrella of the U.S. Air Force's AFWERX innovation branch, which has developed a program called SSPIDR, short for Space Solar Power Incremental Demonstrations and Research Project," the article points out. (While Virtus believes most space-based solar power systems could deliver megawatt hours of electricity at prices comparable to today's market.)
The Military

Inert Nuclear Missile Found in US Man's Garage (bbc.co.uk) 59

The BBC reports: Police in Washington state say an old rusted rocket found in a local man's garage is an inert nuclear missile. On Wednesday, a military museum in Ohio called police in the city of Bellevue to report an offer of a rather unusual donation. The police then sent a bomb squad to the potential donor's home... In a press release, police say the device is "in fact a Douglas AIR-2 Genie (previous designation MB-1), an unguided air-to-air rocket that is designed to carry a 1.5 kt W25 nuclear warhead". However, there was no warhead attached, meaning there was never any danger to the community. Bellevue Police Department spokesman Seth Tyler, told BBC News on Friday that the device was "just basically a gas tank for rocket fuel". He called the event "not serious at all... In fact, our bomb squad member asked me why we were releasing a news release on a rusted piece of metal," he said...

The man told police that the rocket belonged to a neighbour who had died, and was originally purchased from an estate sale.

Citing a Seattle Times article, the BBC notes that "The first and only live firing of the Genie rocket was in 1957, according to the newspaper, and production of it ended in 1962."
IBM

IBM To Managers: Move Near an Office or Leave Company (bloomberg.com) 182

IBM delivered a companywide ultimatum to managers who are still working remotely: move near an office or leave the company. From a report: All US managers must immediately report to an office or client location at least three days a week "regardless of current work location status," according to a memo sent on Jan. 16 viewed by Bloomberg. Badge-in data will be used to "assess individual presence" and shared with managers and human resources, Senior Vice President John Granger wrote in the note. Those working remotely, other than employees with exceptions such as medical issues or military service, who don't live close enough to commute to a facility must relocate near an IBM office by the start of August, according to the memo. Managers who don't agree to relocate and are unable to secure a role that's approved to be remote must "separate from IBM," Granger wrote.
United States

Aviation Sector Sees No Fast Tech Solution To GPS Interference Problem (reuters.com) 108

Global regulators, aviation security specialists and manufacturers failed to reach an agreement on a quick technical fix to the problem of GPS spoofing near war zones, instead calling for better training of pilots to deal with the issue, Reuters reports, citing sources briefed on the talks. From the report: Airlines have been urging quick action after a series of incidents where navigation systems were disrupted to show a false location or wrong time, though aircraft flight controls remained intact. Spoofing might involve one country's military sending false Global Positioning System signals to an enemy plane or drone to hinder its ability to function, which has a collateral effect on nearby airliners.

GPS jamming and spoofing have grown worse in Eastern Europe, the Black Sea and the Middle East, according to industry group OpsGroup. GPS is a growing part of aviation infrastructure as it replaces traditional radio beams used to guide planes towards landing. The first international meeting bringing together the sector was held on Thursday in Cologne, Germany, organized by the European Union Aviation Safety Agency (EASA) and international trade group the International Air Transport Association (IATA). GPS interference "can pose significant challenges to aviation safety," and requires that airlines increase data-sharing on jamming and spoofing events, EASA and IATA said in a joint statement.

Space

US Must Beat China Back To the Moon, Congress Tells NASA (space.com) 114

With NASA's Artemis moon program now targeting September 2025 for its Artemis 2 mission and September 2026 for Artemis 3, some members of Congress are concerned about the potential repercussions, particularly with China's growing ambitions in lunar exploration. "For the United States and its partners not to be on the moon when others are on the moon is unacceptable," said Mike Griffin, former NASA administrator. "We need a program that is consistent with that theme. Artemis is not that program. We need to restart it, not keep it on track." Space.com reports: The U.S. House of Representatives' Committee on Science, Space and Technology held a hearing about the new Artemis plan today (Jan. 17), and multiple members voiced concern about the slippage. "I remind my colleagues that we are not the only country interested in sending humans to the moon," Committee Chairman Frank Lucas (R-OK) said in his opening remarks. "The Chinese Communist Party is actively soliciting international partners for a lunar mission -- a lunar research station -- and has stated its ambition to have human astronauts on the surface by 2030," he added. "The country that lands first will have the ability to set a precedent for whether future lunar activities are conducted with openness and transparency, or in a more restricted manner."

The committee's ranking member, California Democrat Zoe Lofgren (D-CA), voiced similar sentiments. "Let me be clear: I support Artemis," she said in her opening remarks. "But I want it to be successful, especially with China at our heels. And we want to be helpful here in the committee in ensuring that Artemis is strong and staying on track as we look to lead the world, hand-in-hand with our partners, in the human exploration of the moon and beyond." Several other committee members stressed that the new moon race is part of a broader competition with China, and that coming in second could imperil U.S. national security.

"It's no secret that China has a goal to surpass the United States by 2045 as global leaders in space. We can't allow this to happen," Rich McCormick (R-GA) said during the hearing. "I think the leading edge that we have in space technology will protect the United States -- not just the economy, but technologies that can benefit humankind." And Bill Posey (R-FL) referred to space as the "ultimate military high ground," saying that whoever leads in the final frontier "will control the destiny of this Earth."

The Military

OpenAI Is Working With US Military on Cybersecurity Tools (bloomberg.com) 11

OpenAI is working with the Pentagon on a number of projects including cybersecurity capabilities, a departure from the startup's earlier ban on providing its artificial intelligence to militaries. From a report: The ChatGPT maker is developing tools with the US Defense Department on open-source cybersecurity software, and has had initial talks with the US government about methods to assist with preventing veteran suicide, Anna Makanju, the company's vice president of global affairs, said in an interview at Bloomberg House at the World Economic Forum in Davos on Tuesday. The company had recently removed language in its terms of service banning its AI from "military and warfare" applications. Makanju described the decision as part of a broader update of its policies to adjust to new uses of ChatGPT and its other tools.
AI

AI Girlfriend Bots Are Already Flooding OpenAI's GPT Store 72

An anonymous reader quotes a report from Quartz: It's day two of the opening of OpenAI's buzzy GPT store, which offers customized versions of ChatGPT, and users are already breaking the rules. The Generative Pre-Trained Transformers (GPTs) are meant to be created for specific purposes -- and not created at all in some cases. A search for "girlfriend" on the new GPT store will populate the site's results bar with at least eight "girlfriend" AI chatbots, including "Korean Girlfriend," "Virtual Sweetheart," "Your girlfriend Scarlett," "Your AI girlfriend, Tsu." Click on chatbot "Virtual Sweetheart," and a user will receive starting prompts like "What does your dream girl look like?" and "Share with me your darkest secret."

The AI girlfriend bots go against OpenAI's usage policy, which was updated when the GPT store launched yesterday (Jan. 10). The company bans GPTs "dedicated to fostering romantic companionship or performing regulated activities." It is not clear exactly what regulated activities entail. Notably, the company is aiming to get ahead of potential conflicts with its OpenAI store.

Relationship chatbots are, indeed, popular apps. In the US, seven of the 30 AI chatbot apps downloaded in 2023 from the Apple or Google Play store were related to AI friends, girlfriends, or companions, according to data shared with Quartz from data.ai, a mobile app analytics firm. The proliferation of these apps may stem from the epidemic of loneliness and isolation Americans are facing. Alarming studies show that one-in-two American adults have reported experiencing loneliness, with the US Surgeon General calling for the need to strengthen social connections. AI chatbots could be part of the solution if people are isolated from other human beings -- or they could just be a way to cash in on human suffering.
Further reading: OpenAI Quietly Deletes Ban On Using ChatGPT For 'Military and Warfare'
AI

OpenAI Quietly Deletes Ban On Using ChatGPT For 'Military and Warfare' 52

An anonymous reader quotes a report from The Intercept: OpenAI this week quietly deleted language expressly prohibiting the use of its technology for military purposes from its usage policy, which seeks to dictate how powerful and immensely popular tools like ChatGPT can be used. Up until January 10, OpenAI's "usage policies" page included a ban on "activity that has high risk of physical harm, including," specifically, "weapons development" and "military and warfare." That plainly worded prohibition against military applications would seemingly rule out any official, and extremely lucrative, use by the Department of Defense or any other state military. The new policy retains an injunction not to "use our service to harm yourself or others" and gives "develop or use weapons" as an example, but the blanket ban on "military and warfare" use has vanished.

The unannounced redaction is part of a major rewrite of the policy page, which the company said was intended to make the document "clearer" and "more readable," and which includes many other substantial language and formatting changes. "We aimed to create a set of universal principles that are both easy to remember and apply, especially as our tools are now globally used by everyday users who can now also build GPTs," OpenAI spokesperson Niko Felix said in an email to The Intercept. "A principle like 'Don't harm others' is broad yet easily grasped and relevant in numerous contexts. Additionally, we specifically cited weapons and injury to others as clear examples." Felix declined to say whether the vaguer "harm" ban encompassed all military use, writing, "Any use of our technology, including by the military, to '[develop] or [use] weapons, [injure] others or [destroy] property, or [engage] in unauthorized activities that violate the security of any service or system,' is disallowed."
"OpenAI is well aware of the risk and harms that may arise due to the use of their technology and services in military applications," said Heidy Khlaaf, engineering director at the cybersecurity firm Trail of Bits and an expert on machine learning and autonomous systems safety, citing a 2022 paper (PDF) she co-authored with OpenAI researchers that specifically flagged the risk of military use. "There is a distinct difference between the two policies, as the former clearly outlines that weapons development, and military and warfare is disallowed, while the latter emphasizes flexibility and compliance with the law," she said. "Developing weapons, and carrying out activities related to military and warfare is lawful to various extents. The potential implications for AI safety are significant. Given the well-known instances of bias and hallucination present within Large Language Models (LLMs), and their overall lack of accuracy, their use within military warfare can only lead to imprecise and biased operations that are likely to exacerbate harm and civilian casualties."

"I could imagine that the shift away from 'military and warfare' to 'weapons' leaves open a space for OpenAI to support operational infrastructures as long as the application doesn't directly involve weapons development narrowly defined," said Lucy Suchman, professor emerita of anthropology of science and technology at Lancaster University. "Of course, I think the idea that you can contribute to warfighting platforms while claiming not to be involved in the development or use of weapons would be disingenuous, removing the weapon from the sociotechnical system -- including command and control infrastructures -- of which it's part." Suchman, a scholar of artificial intelligence since the 1970s and member of the International Committee for Robot Arms Control, added, "It seems plausible that the new policy document evades the question of military contracting and warfighting operations by focusing specifically on weapons."
China

Qualcomm CEO Says Leading Tech Requires 'Big Business in China' (yahoo.com) 16

Restrictive US policies limiting advanced chip exports to China have done little to dampen Qualcomm's enthusiasm for the world's second-largest economy. From a report: In an interview at CES 2024 in Las Vegas, CEO Cristiano Amon expressed confidence about Qualcomm's business in the country, its largest market by revenue. "If you have a leading technology, you're going to have a big business in China," he said. The San Diego-based firm finds itself in a difficult situation, as the White House and Congress ramp up a pressure campaign to curb the sale of US chips and chipmaking tools to China, citing national security concerns. The Biden administration has argued that China's access to advanced semiconductors could aid military advancements.

Meanwhile, in China, government agencies and state-owned firms have widened their ban on Apple's iPhones for employees. Qualcomm is one of Apple's biggest suppliers. China remains the largest semiconductor market in the world, with sales in the country accounting for one-third of the global market, according to the Semiconductor Industry Association.

United States

The Next Front in the US-China Battle Over Chips (nytimes.com) 87

A U.S.-born chip technology called RISC-V has become critical to China's ambitions. Washington is debating whether and how to limit the technology. From a report: It evolved from a university computer lab in California to a foundation for myriad chips that handle computing chores. RISC-V essentially provides a kind of common language for designing processors that are found in devices like smartphones, disk drives, Wi-Fi routers and tablets. RISC-V has ignited a new debate in Washington in recent months about how far the United States can or should go as it steadily expands restrictions on exporting technology to China that could help advance its military. That's because RISC-V, which can be downloaded from the internet for free, has become a central tool for Chinese companies and government institutions hoping to match U.S. prowess in designing semiconductors.

Last month, the House Select Committee on the Chinese Communist Party -- in an effort spearheaded by Representative Mike Gallagher, Republican of Wisconsin -- recommended that an interagency government committee study potential risks of RISC-V. Congressional aides have met with members of the Biden administration about the technology, and lawmakers and their aides have discussed extending restrictions to stop U.S. citizens from aiding China on RISC-V, according to congressional staff members. The Chinese Communist Party is "already attempting to use RISC-V's design architecture to undermine our export controls," Representative Raja Krishnamoorthi of Illinois, the ranking Democrat on the House select committee, said in a statement. He added that RISC-V's participants should be focused on advancing technology and "not the geopolitical interests of the Chinese Communist Party."

Arm Holdings, a British company that sells competing chip technology, has also lobbied officials to consider restrictions on RISC-V, three people with knowledge of the situation said. Biden administration officials have concerns about China's use of RISC-V but are wary about potential complications with trying to regulate the technology, according to a person familiar with the discussions. The debate over RISC-V is complicated because the technology was patterned after open-source software, the free programs like Linux that allow any developer to view and modify the original code used to make them. Such programs have prompted multiple competitors to innovate and reduce the market power of any single vendor.

United States

FTC Bans X-Mode From Selling Phone Location Data (techcrunch.com) 10

The U.S. Federal Trade Commission has banned the data broker X-Mode Social from sharing or selling users' sensitive location data, the federal regulator said Tuesday. From a report: The first of its kind settlement prohibits X-Mode, now known as Outlogic, from sharing and selling users' sensitive information to others. The settlement will also require the data broker to delete or destroy all the location data it previously collected, along with any products produced from this data, unless the company obtains consumer consent or ensures the data has been de-identified. X-Mode buys and sells access to the location data collected from ordinary phone apps. While just one of many organizations in the multibillion-dollar data broker industry, X-Mode faced scrutiny for selling access to the commercial location data of Americans' past movements to the U.S. government and military contractors. Soon after, Apple and Google told developers to remove X-Mode from their apps or face a ban from the app stores.

Education

US News Makes Money From Some of Its Biggest Critics: Colleges 29

Jonathan Henry, a vice president at the University of Maine at Augusta, is hoping that an email will arrive this month. He is also sort of dreading it. The message, if it comes, will tell him that U.S. News & World Report has again ranked his university's online programs among the nation's best. History suggests the email will also prod the university toward paying U.S. News, through a licensing agent, thousands of dollars for the right to advertise its rankings. The New York Times: For more than a year, U.S. News has been embroiled in another caustic dispute about the worthiness of college rankings -- this time with dozens of law and medical schools vowing not to supply data to the publisher, saying that rankings sometimes unduly influence the priorities of universities. But school records and interviews show that colleges nevertheless feed the rankings industry, collectively pouring millions of dollars into it.

Many lower-profile colleges are straining to curb enrollment declines and counter shrinking budgets. And any endorsement that might attract students, administrators say, is enticing. Maine at Augusta spent $15,225 last year for the right to market U.S. News "badges" -- handsome seals with U.S. News's logo -- commemorating three honors: the 61st-ranked online bachelor's program for veterans, the 79th-ranked online bachelor's in business and the 104th-ranked online bachelor's. Mr. Henry, who oversees the school's enrollment management and marketing, said there was just too much of a risk of being outshined and out-marketed by competing schools that pay to flash their shiny badges. "If we could ignore them, wouldn't that be grand?" Mr. Henry said of U.S. News. "But you can't ignore the leviathan that they are."

Nor can colleges ignore how families evaluate schools. "The Amazonification of how we judge a product's quality," he said, has infiltrated higher education, as consumers and prospective students alike seek order from chaos. The money flows from schools large and small. The University of Nebraska at Kearney, which has about 6,000 students, bought a U.S. News "digital marketing license" for $8,500 in September. The Citadel, South Carolina's military college, moved in August to spend $50,000 for the right to use its rankings online, in print and on television, among other places. In 2022, the University of Alabama shelled out $32,525 to promote its rankings in programs like engineering and nursing. Critics believe that the payments, from schools of any size and wealth, enable and incentivize a ranking system they see as harmful.

Security

Russian Hackers Were Inside Ukraine Telecoms Giant For Months (reuters.com) 26

An anonymous reader quotes a report from Reuters: Russian hackers were inside Ukrainian telecoms giant Kyivstar's system from at least May last year in a cyberattack that should serve as a "big warning" to the West, Ukraine's cyber spy chief told Reuters. The hack, one of the most dramatic since Russia's full-scale invasion nearly two years ago, knocked out services provided by Ukraine's biggest telecoms operator for some 24 million users for days from Dec. 12. In an interview, Illia Vitiuk, head of the Security Service of Ukraine's (SBU) cybersecurity department, disclosed exclusive details about the hack, which he said caused "disastrous" destruction and aimed to land a psychological blow and gather intelligence. "This attack is a big message, a big warning, not only to Ukraine, but for the whole Western world to understand that no one is actually untouchable," he said. He noted Kyivstar was a wealthy, private company that invested a lot in cybersecurity.

The attack wiped "almost everything", including thousands of virtual servers and PCs, he said, describing it as probably the first example of a destructive cyberattack that "completely destroyed the core of a telecoms operator." During its investigation, the SBU found the hackers probably attempted to penetrate Kyivstar in March or earlier, he said in a Zoom interview on Dec. 27. "For now, we can say securely, that they were in the system at least since May 2023," he said. "I cannot say right now, since what time they had ... full access: probably at least since November." The SBU assessed the hackers would have been able to steal personal information, understand the locations of phones, intercept SMS-messages and perhaps steal Telegram accounts with the level of access they gained, he said. A Kyivstar spokesperson said the company was working closely with the SBU to investigate the attack and would take all necessary steps to eliminate future risks, adding: "No facts of leakage of personal and subscriber data have been revealed."

Investigating the attack is harder because of the wiping of Kyivstar's infrastructure. Vitiuk said he was "pretty sure" it was carried out by Sandworm, a Russian military intelligence cyberwarfare unit that has been linked to cyberattacks in Ukraine and elsewhere. A year ago, Sandworm penetrated a Ukrainian telecoms operator, but was detected by Kyiv because the SBU had itself been inside Russian systems, Vitiuk said, declining to identify the company. The earlier hack has not been previously reported. Vitiuk said SBU investigators were still working to establish how Kyivstar was penetrated or what type of trojan horse malware could have been used to break in, adding that it could have been phishing, someone helping on the inside or something else. If it was an inside job, the insider who helped the hackers did not have a high level of clearance in the company, as the hackers made use of malware used to steal hashes of passwords, he said. Samples of that malware have been recovered and are being analysed, he added.
