Android dominiert den Smartphone-Markt und ist auch darüber hinaus das mit Abstand am weitesten verbreitete mobile Betriebssystem.

Trotzdem ist Apple für App Publisher immer noch die deutlich lukrativere Adresse, wie ein aktueller Report von Sensor Tower zeigt. Demnach erzielten die 100 größten iOS-App-Publisher im ersten Quartal 2019 durchschnittlich 84 Millionen US-Dollar Umsatz, verglichen mit 51 Millionen US-Dollar bei den erfolgreichsten Android-App-Herstellern.

Insgesamt hat Apple bislang mehr als 120 Milliarden US-Dollar ab Entwickler ausgezahlt (Stand: Januar 2019) – davon 60 Milliarden US-Dollar in den letzten beiden Jahren.

from: https://de.statista.com/infografik/18480/durchschnittlicher-bruttoumsatz-der-top-100-app-publisher/

***

Apple: Spotify argumentiert mit falschen Zahlen
Spotify-Gründer Daniel Ek hatte Mitte März bei der EU-Kommission ein Prüfverfahren gegen Apple eingeleitet. Der Grund: Apple erhebe von Anbietern 30 Prozent Gebühren für Käufe über den App Store, beispielsweise wenn ein Spotify-Kunde sein Gratisabo auf die Premium-Funktion upgrade. Apple wirft dem Streaming-Anbieter nun vor, wissentlich mit falschen Zahlen zu argumentieren. Von den 30 Prozent seien nicht etwa alle Nutzer betroffen, sondern nur jene, die ihr Abo zwischen 2014 und 2016 abgeschlossen haben – etwa 680.000 Kunden. Zudem habe deren Gebühr nur bei 15 Prozent gelegen. spiegel.de

Streit um Abo-Kosten Apple wehrt sich gegen Spotify-Vorwürfe

Apple schlägt gegen Spotify zurück: Der Konzern kassiere keine überhöhten Provisionen von Kunden des Streamingdienstes, wie dessen Chef Daniel Ek behauptet. Ek nutze falsche Zahlen, heißt es in einem internen Dokument.

Es waren schwere Vorwürfe, die Daniel Ek erhob. Apple sei zwar ein Konkurrent seiner Firma, schrieb der Gründer und Geschäftsführer des Musik-Streamingdienstes Spotify, und das sei auch gut so. “Aber Apple verschafft sich immer noch bei jeder Gelegenheit Vorteile”, schimpfte Ek Mitte März. Deshalb habe Spotify Beschwerde bei der EU-Kommission eingelegt.

Zur Begründung behauptete Ek, dass Apple von Spotify eine “Steuer” in Höhe von 30 Prozent auf Käufe über Apples Bezahlsystem erhebe – etwa dann, wenn Spotify-Nutzer von einem Gratis- auf ein kostenpflichtiges Premiumkonto umsteigen. Das würde Spotify zwingen, seine Preise “künstlich aufzublasen”, und zwar deutlich über das, was Apple für seinen eigenen Streamingdienst Apple Music verlange.

Apple wehrt sich jetzt gegen diese Vorwürfe – und beschuldigt Spotify, wissentlich mit irreführenden Zahlen zu operieren. So erwecke Spotify den Eindruck, dass die 30-Prozent-Abgabe für alle Nutzer von Apple-Geräten fällig werde. Dabei gehe es um nur 680.000 Nutzer, wie es nach SPIEGEL-Informationen in Apples Stellungnahme an die EU-Kommission heißt, die Ende Mai in Brüssel eingetroffen ist.

Apple: Spotify operiert mit irreführenden Zahlen

Die Kommission von 30 Prozent sei nur bei jenen Spotify-Kunden erhoben worden, die ihr Abo über Apples In-App-Kauffunktion von Gratis auf Premium umgestellt hätten. Diese Funktion sei aber nur von 2014 bis 2016 in der Spotify-App aktiv gewesen – und in dieser Zeit hätten nur 680.000 Kunden davon Gebrauch gemacht. Für alle anderen Abo-Upgrades vorher und nachher hat Apple nach eigenen Angaben keinen Cent kassiert.

Spotify hatte laut seinem letzten Geschäftsbericht Ende des ersten Quartals 2019 weltweit rund 100 Millionen zahlende Nutzer – eine Steigerung von 32 Prozent gegenüber dem Vorjahr. Apple Music kommt aktuell auf gut 50 Millionen Kunden, wuchs zuletzt aber schneller als der schwedische Wettbewerber. Europa ist die wichtigste Region für Spotify. In den USA hat Apple Spotify zuletzt offenbar überholt.

Spotify lässt Anfragen unbeantwortet

Auch für die betroffenen 680.000 Spotify-Abos verlangt Apple offenbar – anders als Ek in seinem Blog schreibt – nicht 30 Prozent, sondern nur die Hälfte. Schon vor einiger Zeit hat die Firma die Kommission für Abo-Kunden gesenkt: Nach einem Jahr Mitgliedschaft fällt sie von 30 auf 15 Prozent. Da die 680.000 Spotify-User ihre Abos vor drei bis fünf Jahren abgeschlossen haben, muss Spotify für sie nach Apple-Angaben nur noch 15 Prozent abführen.

Warum Ek dennoch behauptet, dass Apple bis heute eine Kommission verlange und diese 30 Prozent betrage, ist unklar. Spotify hat auf mehrere Anfragen des SPIEGEL nicht reagiert.

Ek hat in seinem Blogpost eingeräumt, dass Spotify die Gebühr an Apple umgehen könne, indem man die Apple-eigene Bezahlfunktion nicht nutze. Dann aber erschwere Apple die Kommunikation zwischen Spotify und seinen Kunden, blockiere App-Updates oder halte Spotify von Produkten wie der Assistenzsoftware Siri, dem vernetzten Lautsprecher HomePod und der Computer-Uhr Apple Watch fern. Apple weist diese Behauptungen als unwahr zurück.

Vestager erinnert an Milliarden-Bußgelder gegen Google und Microsoft

Die entscheidende Frage im Prüfverfahren der EU-Kommission ist nun, ob Apples App Store eine dominante Plattform ist, die den gesamten Musikstreaming-Markt beeinflussen könnte, und ob Apple seinen eigenen Streaming-Dienst bevorteilt. “Wir haben eine Plattform, die Kunden zu verschiedenen Anbietern leitet, und dann beginnt die Plattform, solche Geschäfte selbst zu machen, also selbst zum Anbieter zu werden”, sagte EU-Wettbewerbskommissarin Margrethe Vestager im März über den App Store. Das sei ein Muster, “das wir schon kennen”. Es war eine Anspielung auf die milliardenschweren Bußgelder gegen Google und Microsoft.

Bei Apple hält man diesen Vergleich schon deshalb für falsch, weil das iPhone in der EU nur einen Anteil von 25 Prozent des Smartphone-Markts hält. Nahezu der gesamte Rest entfällt auf Handys mit Googles Android-Betriebssystem. Zudem sei Apple Music auch nicht dominant auf dem Markt der Streaming-Anbieter.

Zu Dauer und Stand des von Spotify angestrengten Prüfverfahrens wollte die EU-Kommission auf Anfrage keine Angaben machen.

from: https://www.spiegel.de/netzwelt/netzpolitik/spotify-beschwerde-bei-eu-kommission-apple-wehrt-sich-a-1273755.html

***

Any transaction that Apple processes for you will be subject to the 30% transaction fee. Any direct “in app purchase.”
Essentially, anything that can be delivered via the app that’s “digital content” is taxable.

If you have a basic eCommerce app where you sell physical products but you yourself process the payments, Apple will not take 30%.

from: https://www.startups.com/community/questions/381/does-the-30-apple-transaction-fee-apply-to-physical-goods-purchased-on-an-app

***

According to Apple’s official guidelines:

If you want to unlock features or functionality within your app (by way of example: subscriptions, in-game currencies, game levels, access to premium content, or unlocking a full version), you must use in-app purchase. Apps may use in-app purchase currencies to enable customers to “tip” digital content providers in the app. Apps and their metadata may not include buttons, external links, or other calls to action that direct customers to purchasing mechanisms other than in-app purchase.

You must use in-app purchases and Apple’s official API’s, if it’s not a physical item.

Otherwise your app will be rejected.

from: https://stackoverflow.com/questions/48058415/is-there-a-way-to-avoid-in-app-30-fee-for-any-purchases-in-ios

***

In-App Purchases. What you need to know before developing a Mobile App

So you’re building an iOS app. Great! Let’s get to the brass tacks; how are you going to make money on it? Will there be some kind of purchasing ability within the app?

If your app is going to be anything like the majority of the 1.6 Million apps in the App Store, whose in-app purchases account for nearly $24 Billion annually – you need to know how purchasing works on iOS.

In-App Purchases vs. Apple Pay:

Apple has built two ways to pay for things directly into iOS: Apple Pay and In-App Purchase (IAP). Apple Pay is similar to a credit card transaction: it takes a small percentage of the transaction, plus a flat-fee. IAPs use the iTunes store purchasing system, and therefore take a 30% cut on all purchases, whether they’re one time uses or subscription based.

Based on the fee structure alone, it sounds like you’d be a fool to not go with Apple Pay. Well, the plain truth is you can’t use Apple Pay everywhere. In fact, unless you fall into a few specific use cases, you can’t use Apple Pay, or any other payment processor, at all.

Taking a Deeper Look at IAP – It’s important!

Regardless of whether you’re a CEO or a developer, do yourself a favor and read up on the purchasing guidelines for IAP and the ones for Apple Pay too. It’s important to understand the specific rules, so you don’t find yourself crashing into a brick wall later.

The gist is: any time you offer new/renewing content that users will pay for in-app (like news articles), they must be processed via IAP. Similarly, if you want to restrict some functionality, such as “Pro” features, that must be IAP. Finally, if you want to sell tokens/credits/gold coins/gems or whatever as consumables in a game or other service, they also must be through IAP.

One of the toughest decisions to make is whether or not to process subscription sign-ups through your app – or somewhere else like your website (more on that later). If you do decide to allow purchases within the app, then those must be through IAP too.

Given the fact that every In-App Purchase gives Apple a 30% cut, it can throw a really big wrench in your business plan if you aren’t expecting it.

What Doesn’t Fall in Apple’s In-App Purchase Policy:

Ok, when can you avoid using IAP? The simple answer is, when you’re selling physical goods and services.

My favorite example is Uber or Lyft. They can have their own credit card processing system (or Apple Pay) because the customer is paying for an actual ride from one place in the real world to another. When the customer purchases something from Amazon, they are buying a physical product, so Amazon can use their own payment system as well. However, you will notice that you cannot buy books in the Amazon Kindle app. You can download samples and add to a wish list, money does not change hands in the Kindle app.

Curiously, you can buy a Kindle book in the normal Amazon store app, using Amazon’s own payment processing. I don’t know if Amazon worked out a special deal with Apple, or they just snuck it in there. When you’re on Amazon’s size you can get just a small bit of leeway.

The trouble is 1) there aren’t a lot of businesses that offer these types of products or services that transact on mobile applications, and 2) it may not be immediately obvious that your pricing model falls under the IAP umbrella. If there is any doubt, submit your application for review as early as possible to validate this. It is far easier to adjust a business model months before launch than hours.

What about Software-as-a-Service businesses?

If you sell a SaaS subscription within an iOS app, it’s just another subscription in Apple’s eyes; you have to use an IAP subscription and give Apple 30%.

You can however, sell the subscription on your website and still have a companion iOS app. Take a look at the Basecamp iOS app:

This is the first screen you see when you launch the app. There are no IAPs for their subscription model. Instead, Basecamp has you sign up and pay for their subscription service on their website, not in their mobile app.

So you’re saying there is a loophole?

Yes. Well, maybe… You can certainly avoid paying the 30% fee for IAP, but there is a Shaq sized catch. You CANNOT advertise anywhere in an app that you are selling something outside of iOS.

This is a pretty tough decision to make, as it has implications not only for product development, but also user acquisition, engagement and retention.

Originally, Netflix did not allow you to sign up for their $10/month plan inside of their iOS app, instead forcing every user to activate their account online. They held steady on that for a long time, opting to avoid the IAP fees for a clunkier user experience. That was until they determined that the number of signups they received by the convenience of activating subscriptions right there in the app outweighed the 30% hit on revenue.

I cannot stress enough that you will be rejected if you link to a website that displays a payment form. Even if you link to your homepage, and that links to a payment page, you’ll be rejected. Notice that there is no link to basecamp.com in that screenshot above. (Bonus tip: if you have a link to an Android version on that homepage, you’ll also get rejected. Life is fun sometimes.)

What this means for your business. And your app.

All too often we have a tendency to rush into things. Apps, and software development, are notoriously hard to estimate regardless. There is always an unknown wrench that will be thrown into your plans, but your business model and how you scale revenue should always be in your hands.

Apple’s IAP policy might seem a little imperious, and it is. Apple has $528 billion reasons that allow them to get away with it though and they won’t be changing anytime soon. With a little bit of foreknowledge your business and your development plan can adapt.

from: https://blog.tallwave.com/2016/04/13/in-app-purchases-what-you-need-to-know-before-developing-a-mobile-app

***

[Google is no different: it also has a 30% cut in its Google Play Store]

Opinion: Google’s 30% cut of Play Store app sales is nothing short of highway robbery

Congratulations: You’ve finally developed your million-dollar app. You took a great idea, implemented it, built it into a polished UI, and tested it until you tracked down every last bug. Now it’s ready for public release, so you can sit back, relax and … earn just 70% of what users pay for your software? That doesn’t sound right. Yet it’s a position that mobile app developers everywhere find themselves in, one that’s perched somewhere on the intersection between wildly unfair and mild extortion.

As you’re probably aware, Google takes a 30% cut of all software sales going through the Play Store — that counts for both for the initial sale of apps, as well as any supplementary in-app purchases. In the context of the industry, this practice doesn’t seem too outlandish; Apple does the same thing with iOS software distribution through its App Store, and we see similar arrangements in the PC sphere on platforms like Steam.

But just because it’s commonplace, does that mean it’s fair, or even right? How did we get to this place where paying a developer 70 cents on the dollar for their hard work seems OK?

Back before the days when software distribution was primarily online, developers had it a lot worse. First you had to find a publisher, who was going to want their cut. Then you had the cost of physical media to consider, as well as designing and manufacturing some attractive packaging. You had to pay to ship your software to stores, and to even get it on shelves meant giving retailers their slice of the pie. And of course, with all these parties involved and them wanting to ensure as high sales as possible, you’d probably also be paying for an expensive advertising campaign.

In the end, the developer would be very lucky to end up with even 20% of the ultimate sale price (and forget about that if we’re talking console games, with royalties to the console manufacturer knocking things under 10% easily).

But that’s not the world we live in today, and so many of those costs have either seriously diminished or become irrelevant altogether. There’s no need to fight for retailer shelf space, no unsold merchandise taking up space in warehouses, and no need to pay so many middlemen along the way — heck, why even bother with a publisher when you can be a one-man app studio yourself?

from: https://www.androidpolice.com/2018/09/22/opinion-googles-30-cut-play-store-app-sales-nothing-short-highway-robbery/

BERLINER KURIER, Mittwoch, 5. Juni 2019

The Network Level Authentication (NLA) feature of Windows Remote Desktop Services (RDS) can allow a hacker to bypass the lockscreen on remote sessions, and there is no patch from Microsoft, the CERT Coordination Center at Carnegie Mellon University warned on Tuesday.

NLA provides better protection for Remote Desktop (RD) sessions by requiring the user to authenticate to the RD Session Host server before a session is created. Microsoft recently recommended NLA as a workaround for a critical RDS vulnerability tracked as BlueKeep and CVE-2019-0708.

When a user connects to a remote system over RDS, they can lock the session similar to how sessions can be locked locally in Windows. If the session is locked, the user is presented with a lockscreen where they have to authenticate in order to continue using the session.

Joe Tammariello of the Software Engineering Institute at Carnegie Mellon University discovered a vulnerability that can be exploited to bypass the lockscreen on an RDS session. The flaw, tracked as CVE-2019-9510 and assigned a CVSS score of 4.6 (medium severity), affects versions of Windows starting with Windows 10 1803 and Server 2019.

“If a network anomaly triggers a temporary RDP disconnect, upon automatic reconnection the RDP session will be restored to an unlocked state, regardless of how the remote system was left,” CERT/CC explained in an advisory.

The organization has described the following attack scenario: the targeted user connects to a Windows 10 or Server 2019 system via RDS, they lock the remote session, and leave the client device unattended. At this point, an attacker who has access to the client device can interrupt its network connectivity, and they can then gain access to the remote system without needing any credentials.

“Two-factor authentication systems that integrate with the Windows login screen, such as Duo Security MFA, are also bypassed using this mechanism. Any login banners enforced by an organization will also be bypassed,” CERT/CC said.

Tammariello reported his findings to Microsoft, but the tech giant apparently does not plan on patching the vulnerability too soon.

“After investigating this scenario, we have determined that this behavior does not meet the Microsoft Security Servicing Criteria for Windows,” Microsoft said, according to CERT/CC vulnerability analyst Will Dormann.

Users can protect themselves against potential attacks via two methods: locking the local system instead of the remote system, and disconnecting the RDS session instead of locking it.

from: https://www.securityweek.com/hackers-can-bypass-windows-lockscreen-remote-desktop-sessions

(if you can identify them – its done badly)

24 MAY 2019

2,4 Milliarden monatlich aktive Nutzer hat Facebook im Geschäftsbericht für das erste Quartal 2019 gemeldet. Im selben Zeitraum löschte das Unternehmen 2,2 Milliarden Fake-Accounts. Das geht aus dem gestern veröffentlichten Community Standards Enforcement Report hervor. Und dabei erwischt Facebook längst nicht alle gegen die Regeln verstoßenden Profile, wie eine weitere Statista-Grafik zeigt. Die enormen Zahlen gehen laut Mark Zuckerberg unter anderem auf Betrüger zurück, die versuchen automatisch tausende Accounts auf einmal einzurichten.

from: https://de.statista.com/infografik/18152/anzahl-der-von-facebook-geloeschten-fake-accounts/

(Articles below updated last: 05 JUN 2019)

‘Reverse Engineering’ Police App Reveals Profiling and Monitoring Strategies

The app prompts government officials to collect a wide array of information from ordinary people in Xinjiang.

From a drop-down menu, officials are prompted to choose the circumstances under which information is being collected.

The information it gathers ranges from people’s blood type to their height, from their “religious atmosphere” to their political affiliation.

Officials are prompted to investigate those determined to have used an “unusual” amount of electricity.

Officials can select from a list of reasons for unusual electricity consumption, such as: “purchased new electronics for domestic use” or “doing renovations.”

The system detects when the registered owner of the car is not the same as the person who is buying gasoline.

The app’s source code suggests that nearby officials are required to investigate by logging the reasons for the mismatch, …

… and deciding whether this case seems suspicious and requires further police investigation.

The app alerts officials to people who took trips abroad that it considers excessively long, …

… then prompts officials to interrogate the “overdue” person or their relatives and other acquaintances, asking them for details about the travel.

The system alerts officials if it has lost track of someone’s phone, to determine whether the owner’s actions are suspicious and require investigation.

Some of the investigations involve checking people’s phones for any one of the 51 internet tools that are considered suspicious, including WhatsApp, Viber, Telegram, and Virtual Private Networks (VPNs), Human Rights Watch found. The IJOP system also monitors people’s relationships, identifying as suspicious travelling with anyone on a police watch list, for example, or anyone related to someone who has recently obtained a new phone number.

Based on these broad and dubious criteria, the system generates lists of people to be evaluated by officials for detention. Official documents state individuals “who ought to be taken, should be taken,” suggesting the goal is to maximize detentions for people found to be “untrustworthy.” Those people are then interrogated without basic protections. They have no right to legal counsel, and some are tortured or otherwise mistreated, for which they have no effective redress.

The IJOP system was developed by China Electronics Technology Group Corporation (CETC), a major state-owned military contractor in China. The IJOP app was developed by Hebei Far East Communication System Engineering Company (HBFEC), a company that, at the time of the app’s development, was fully owned by CETC.

Under the Strike Hard Campaign, Xinjiang authorities have also collected biometrics, including DNA samples, fingerprints, iris scans, and blood types of all residents in the region ages 12 to 65. The authorities require residents to give voice samples when they apply for passports. All of this data is being entered into centralized, searchable government databases. While Xinjiang’s systems are particularly intrusive, their basic designs are similar to those the police are planning and implementing throughout China.

The Chinese government should immediately shut down the IJOP platform and delete all the data that it has collected from individuals in Xinjiang, Human Rights Watch said. Concerned foreign governments should impose targeted sanctions, such as under the US Global Magnitsky Act, including visa bans and asset freezes, against the Xinjiang Party Secretary, Chen Quanguo, and other senior officials linked to abuses in the Strike Hard Campaign. They should also impose appropriate export control mechanisms to prevent the Chinese government from obtaining technologies used to violate basic rights. United Nations member countries should push for an international fact-finding mission to assess the situation in Xinjiang and report to the UN Human Rights Council.

from: https://www.hrw.org/video-photos/interactive/2019/05/02/china-how-mass-surveillance-works-xinjiang

***

read the full report:

China’s Algorithms of Repression

Reverse Engineering a Xinjiang Police Mass Surveillance App

Since late 2016, the Chinese government has subjected the 13 million ethnic Uyghurs and other Turkic Muslims in Xinjiang to mass arbitrary detention, forced political indoctrination, restrictions on movement, and religious oppression. Credible estimates indicate that under this heightened repression, up to one million people are being held in “political education” camps. The government’s “Strike Hard Campaign against Violent Terrorism” (Strike Hard Campaign, 严厉打击暴力恐怖活动专项行动) has turned Xinjiang into one of China’s major centers for using innovative technologies for social control.

This report provides a detailed description and analysis of a mobile app that police and other officials use to communicate with the Integrated Joint Operations Platform (IJOP, 一体化联合作战平台), one of the main systems Chinese authorities use for mass surveillance in Xinjiang. Human Rights Watch first reported on the IJOP in February 2018, noting the policing program aggregates data about people and flags to officials those it deems potentially threatening; some of those targeted are detained and sent to political education camps and other facilities. But by “reverse engineering” this mobile app, we now know specifically the kinds of behaviors and people this mass surveillance system targets.

The findings have broader significance, providing an unprecedented window into how mass surveillance actually works in Xinjiang, because the IJOP system is central to a larger ecosystem of social monitoring and control in the region. They also shed light on how mass surveillance functions in China. While Xinjiang’s systems are particularly intrusive, their basic designs are similar to those the police are planning and implementing throughout China.

Many—perhaps all—of the mass surveillance practices described in this report appear to be contrary to Chinese law. They violate the internationally guaranteed rights to privacy, to be presumed innocent until proven guilty, and to freedom of association and movement. Their impact on other rights, such as freedom of expression and religion, is profound.

Human Rights Watch finds that officials use the IJOP app to fulfill three broad functions: collecting personal information, reporting on activities or circumstances deemed suspicious, and prompting investigations of people the system flags as problematic.

Analysis of the IJOP app reveals that authorities are collecting massive amounts of personal information—from the color of a person’s car to their height down to the precise centimeter—and feeding it into the IJOP central system, linking that data to the person’s national identification card number. Our analysis also shows that Xinjiang authorities consider many forms of lawful, everyday, non-violent behavior—such as “not socializing with neighbors, often avoiding using the front door”—as suspicious. The app also labels the use of 51 network tools as suspicious, including many Virtual Private Networks (VPNs) and encrypted communication tools, such as WhatsApp and Viber.

The IJOP app demonstrates that Chinese authorities consider certain peaceful religious activities as suspicious, such as donating to mosques or preaching the Quran without authorization. But most of the other behavior the app considers problematic are ethnic-and religion-neutral. Our findings suggest the IJOP system surveils and collects data on everyone in Xinjiang. The system is tracking the movement of people by monitoring the “trajectory” and location data of their phones, ID cards, and vehicles; it is also monitoring the use of electricity and gas stations of everybody in the region. This is consistent with Xinjiang local government statements that emphasize officials must collect data for the IJOP system in a “comprehensive manner” from “everyone in every household.”

When the IJOP system detects irregularities or deviations from what it considers normal, such as when people are using a phone that is not registered to them, when they use more electricity than “normal,” or when they leave the area in which they are registered to live without police permission, the system flags these “micro-clues” to the authorities as suspicious and prompts an investigation.

Another key element of IJOP system is the monitoring of personal relationships. Authorities seem to consider some of these relationships inherently suspicious. For example, the IJOP app instructs officers to investigate people who are related to people who have obtained a new phone number or who have foreign links.

The authorities have sought to justify mass surveillance in Xinjiang as a means to fight terrorism. While the app instructs officials to check for “terrorism” and “violent audio-visual content” when conducting phone and software checks, these terms are broadly defined under Chinese laws. It also instructs officials to watch out for “adherents of Wahhabism,” a term suggesting an ultra-conservative form of Islamic belief, and “families of those…who detonated [devices] and killed themselves.” But many—if not most—behaviors the IJOP system pays special attention to have no clear relationship to terrorism or extremism. Our analysis of the IJOP system suggests that gathering information to counter genuine terrorism or extremist violence is not a central goal of the system.

The app also scores government officials on their performance in fulfilling tasks and is a tool for higher-level supervisors to assign tasks to, and keep tabs on the performance of, lower-level officials. The IJOP app, in part, aims to control government officials to ensure that they are efficiently carrying out the government’s repressive orders.

In creating the IJOP system, the Chinese government has benefitted from Chinese companies who provide them with technologies. While the Chinese government has primary responsibility for the human rights violations taking place in Xinjiang, these companies also have a responsibility under international law to respect human rights, avoid complicity in abuses, and adequately remedy them when they occur.

As detailed below, the IJOP system and some of the region’s checkpoints work together to form a series of invisible or virtual fences. Authorities describe them as a series of “filters” or “sieves” throughout the region, sifting out undesirable elements. Depending on the level of threat authorities perceive—determined by factors programmed into the IJOP system—, individuals’ freedom of movement is restricted to different degrees. Some are held captive in Xinjiang’s prisons and political education camps; others are subjected to house arrest, not allowed to leave their registered locales, not allowed to enter public places, or not allowed to leave China.

Government control over movement in Xinjiang today bears similarities to the Mao Zedong era (1949-1976), when people were restricted to where they were registered to live and police could detain anyone for venturing outside their locales. After economic liberalization was launched in 1979, most of these controls had become largely obsolete. However, Xinjiang’s modern police state—which uses a combination of technological systems and administrative controls—empowers the authorities to reimpose a Mao-era degree of control, but in a graded manner that also meets the economy’s demands for largely free movement of labor.

The intrusive, massive collection of personal information through the IJOP app helps explain reports by Turkic Muslims in Xinjiang that government officials have asked them or their family members a bewildering array of personal questions. When government agents conduct intrusive visits to Muslims’ homes and offices, for example, they typically ask whether the residents own exercise equipment and how they communicate with families who live abroad; it appears that such officials are fulfilling requirements sent to them through apps such as the IJOP app. The IJOP app does not require government officials to inform the people whose daily lives are pored over and logged the purpose of such intrusive data collection or how their information is being used or stored, much less obtain consent for such data collection.

The Strike Hard Campaign has shown complete disregard for the rights of Turkic Muslims to be presumed innocent until proven guilty. In Xinjiang, authorities have created a system that considers individuals suspicious based on broad and dubious criteria, and then generates lists of people to be evaluated by officials for detention. Official documents state that individuals “who ought to be taken, should be taken,” suggesting the goal is to maximize the number of people they find “untrustworthy” in detention. Such people are then subjected to police interrogation without basic procedural protections. They have no right to legal counsel, and some are subjected to torture and mistreatment, for which they have no effective redress, as we have documented in our September 2018 report. The result is Chinese authorities, bolstered by technology, arbitrarily and indefinitely detaining Turkic Muslims in Xinjiang en masse for actions and behavior that are not crimes under Chinese law.

And yet Chinese authorities continue to make wildly inaccurate claims that their “sophisticated” systems are keeping Xinjiang safe by “targeting” terrorists “with precision.” In China, the lack of an independent judiciary and free press, coupled with fierce government hostility to independent civil society organizations, means there is no way to hold the government or participating businesses accountable for their actions, including for the devastating consequences these systems inflict on people’s lives.

The Chinese government should immediately shut down the IJOP and delete all the data it has collected from individuals in Xinjiang. It should cease the Strike Hard Campaign, including all compulsory programs aimed at surveilling and controlling Turkic Muslims. All those held in political education camps should be unconditionally released and the camps shut down. The government should also investigate Party Secretary Chen Quanguo and other senior officials implicated in human rights abuses, including violating privacy rights, and grant access to Xinjiang, as requested by the Office of the United Nations High Commissioner for Human Rights and UN human rights experts.

Concerned foreign governments should impose targeted sanctions, such as the US Global Magnitsky Act, including visa bans and asset freezes, against Party Secretary Chen and other senior officials linked to abuses in the Strike Hard Campaign. They should also impose appropriate export control mechanisms to prevent the Chinese government from obtaining technologies used to violate basic rights.

from: https://www.hrw.org/report/2019/05/01/chinas-algorithms-repression/reverse-engineering-xinjiang-police-mass-surveillance

***

China data leak exposes mass surveillance in Xinjiang

Beijing (AFP) – A Chinese technology firm has compiled a range of personal information on 2.6 million people in Xinjiang — from their ethnicity to locations — according to a data leak highlighting the wide extent of surveillance in the restive region.

Xinjiang is home to most of China’s Uighur ethnic minority lives and has been under heavy police surveillance in recent years after violent inter-ethnic tensions.

Nearly one million Uighurs and other Turkic language-speaking minorities in Xinjiang are reportedly held in re-education camps, according to a UN panel of experts.

The leak was discovered last week by security researcher Victor Gevers, who found that Chinese tech company SenseNets had stored the records of individuals in an open database “fully accessible to anyone”.

The records included information such as their Chinese ID number, birthday, address, ethnicity, and employer.

The exposed data also linked individuals to GPS coordinates — labelled with descriptions such as “mosque” — captured by tracking devices around the region.

Within a 24-hour period, more than six million locations were saved by SenseNets’ tracking devices, according to Gevers, who works at Dutch online security non-profit GDI Foundation and posted his findings on Twitter.

“You can clearly see they have absolutely no clue about network security,” he told AFP, describing SenseNets’ IT skills as belonging “to the early 90s”.

“Who in their right mind runs a database which is completely open and gives any visitors full administrative rights so then those database records can be manipulated by anyone with an internet connection?” he said.

“It simply does not compute.”

The database had been exposed since last July but was closed last Thursday, after Gevers reported the leak to SenseNets, he said.

SenseNets told AFP it was not accepting media interviews. The Xinjiang government did not immediately respond to AFP’s request for comment.

– Blacklisted –

The demand for high-tech surveillance in Xinjiang region has led to the placing of surveillance cameras inside mosques, restaurants and other public places, while police checkpoints have been set up across the region.

It has has also created lucrative business opportunities for artificial intelligence companies like SenseNets, which specialises in facial recognition.

On its website, the Shenzhen-based firm showcases different applications, from detecting “blacklisted” individuals in a crowd to tracing a suspect’s whereabouts.

The technology firm partners with public security bureaus around the country, as well as US tech firms such as Microsoft and semiconductor company AMD.

In 2016, for instance, it helped local police in southern Guangdong province identify individuals involved in organising an “illegal gathering” — a term that often refers to protests in China.

SenseNets is majority-owned by NetPosa, a public company listed on the Shenzhen stock exchange. On its website, the Beijing-based firm calls itself a “leading manufacturer of video surveillance platforms” and boasted coverage of over 1.5 million roads in China at the end of 2017.

from: https://news.yahoo.com/china-data-leak-exposes-mass-surveillance-xinjiang-103612161.html

***

China’s Xinjiang Region A Surveillance State Unlike Any the World Has Ever Seen

In western China, Beijing is using the most modern means available to control its Uighur minority. Tens of thousands have disappeared into re-education camps. A journey to an eerily quiet region.

July 26, 2018

These days, the city of Kashgar in westernmost China feels a bit like Baghdad after the war. The sound of wailing sirens fills the air, armed trucks patrol the streets and fighter jets roar above the city. The few hotels that still host a smattering of tourists are surrounded by high concrete walls. Police in protective vests and helmets direct the traffic with sweeping, bossy gestures, sometimes yelling at those who don’t comply.

But now and then, a ghostly calm descends on the city. Just after noon, when it’s time for Friday prayers, the square in front of the huge Id Kah Mosque lies empty. There’s no muezzin piercing the air, just a gentle buzz on the rare occasion that someone passes through the metal detector at the entrance to the mosque. Dozens of surveillance cameras overlook the square. Security forces, some in uniform and others in plain-clothes, do the rounds of the Old Town with such stealth it’s as if they were trying to read people’s minds.

Journalists are not immune to their attentions. No sooner have we arrived than two police officers insist on sitting down with us for a “talk.” The next day in our hotel, one of them emerges from a room on our floor. When we take a walk through the city in the morning, we’re followed by several plain-clothes officers. Eventually, we’re being tailed by some eight people and three cars, including a black Honda with a covered license plate — apparently the secret police. Occasionally, our minders seem to be leaving us alone, but already awaiting us at the next intersection are the surveillance cameras that reach into every last corner of Kashgar’s inner city. The minute we strike up conversation with anyone, officials appear and start interrogating them.

Before too long, they’ll detain us too. More on that later. But while the authorities in Xinjiang keep close tabs on foreign reporters, their vigilance is nothing compared to their persecution of the Uighur population.

Nowhere in the world, not even in North Korea, is the population monitored as strictly as it is in the Xinjiang Uighur Autonomous Region, an area that is four times the size of Germany and shares borders with eight countries, including Pakistan, Afghanistan Tajikistan and Kazakhstan.

Oppression has been in place for years, but has worsened massively in recent months. It is targeted primarily at the Uighur minority, a Turkic ethnic group of some 10 million Sunni Muslims considered by Beijing to be a hindrance to the development of a “harmonious society.” A spate of attacks involving Uighur militants has only consolidated this belief.

The Uighurs see themselves as a minority facing cultural, religious and economic discrimination. When Xinjiang was incorporated into the People’s Republic of China in 1949, they comprised roughly 80 percent of the region’s population. Controlled migration to Xinjiang of Han Chinese has reduced this share to 45 percent, and it is mainly these migrants who benefit from the economic boom in the region, which has plentiful supplies of oil, gas and coal.

With the Uighurs protesting, Beijing has tightened its grip and turned Xinjiang into a security state that is extreme even by China’s standards, being a police state itself. According to Adrian Zenz, a German expert on Xinjiang, the provincial government has recruited over 90,000 police officers in the last two years alone — twice as many as it recruited in the previous seven years. With around 500 police officers for every 100,000 inhabitants, the police presence will soon be almost as tight as it is in neighboring Tibet.

At the same time, Beijing is equipping the far-western region with state-of-the-art surveillance technology, with cameras illuminating every street all over the region, from the capital Urumqi to the most remote mountain village. Iris scanners and WiFi sniffers are in use in stations, airports and at the ubiquitous checkpoints — tools and programs that allow data traffic from wireless networks to be monitored.

The data is then collated by an “integrated joint operations platform” that also stores further data on the populace — from consumer habits to banking activity, health status and indeed the DNA profile of every single inhabitant of Xinjiang.

Anyone with a potentially suspicious data trail can be detained. The government has built up a grid of hundreds of re-education camps. Tens of thousands of people have disappeared into them in recent months. Zenz estimates the number to be closer to hundreds of thousands. More precise figures are difficult to obtain. Censorship in Xinjiang is the strictest in China and its authorities the most inscrutable.

But a distinct impression forms after a trip through the territory and numerous conversations with its inhabitants, who all want to remain anonymous. Xinjiang, one of the most remote and backward regions in booming China, has become a real-life dystopia. It provides a glimpse of what an authoritarian regime armed with 21st century technology is capable of.

Urumqi: Police, Block Leaders and Snitches

With its ultra-modern skyline, the capital of Xinjiang is home to a population of some 3.5 million, 75 percent of which are Han Chinese. The Uighurs make up the largest minority. Kazakhs, Mongolians and Chinese-speaking Muslim Hui people also live here. “All ethnic groups belong together like the seeds of a pomegranate,” reads a banner overlooking Urumqi’s multilane ring road.

“The truth is, you can’t trust the Uighurs,” says a Han Chinese who used to work for the military. “They act like they’re your friend but they only really stick together.”

Mistrust between these two ethnic groups has been growing for decades. In 2009, tensions erupted in Xinjiang and claimed nearly 200 lives. Most of the dead were Han Chinese. In 2014, knife-wielding Uighur militants killed 31 people in Kunming. Just months later, two cars sped into a busy street market in Urumqi, killing dozens. There have been fewer major attacks since, but rumors abound among the Han Chinese that serious incidents frequently occur in the south of Xinjiang but go unreported.

In a bid to see calm return to the region, Beijing brought in hardliner Chen Quanguo, party boss in Tibet, and put him in charge in Xinjiang. Within two years, he implemented the same policy he enacted in Tibet and installed police stations across the region. These bunker-like, barricaded and heavily guarded buildings now litter every crossroads of the major cities.

Chen also introduced a block leader system not unlike the old German “Blockwarts,” with members of the local Communist Party committee given powers to inspect family homes and interrogate them about their lives: Who lives here? Who visited? What did you talk about? Even the controllers are getting controlled: Many apartments have bar code labels on the inside of the front door which the official must scan to prove that he or she carried out the visit.

To optimize social control, neighbors are now also instructed to turn each other in. “They came to me at the start of the year,” says a businessman from Urumqi. “They said: You and your neighbor are now responsible for each other. If either of you does anything unusual, the other will be held responsible.” The businessman says he loves his country. “But I refuse to spy on my neighbor.”

Chen’s predecessor pinned his hopes on an economic upswing in Xinjiang, says a driver who also lives in Urumqi, gesturing at the downtown skyscrapers. He hoped that the more economically comfortable the population would become, the safer the region would be. “No one believes that anymore. The economy continues to grow, but the first priority now is repression.”

Turpan: A Duty To Ramp Up Security

A two-hour drive south of Urumqi is the city-oasis of Turpan, historically located directly on the Silk Road. Over the centuries, temples and mosques were built here by Chinese, Persians, Uighurs, Buddhists, Manichees and Muslims. It’s also a wine-growing region and a place suited to prayer and contemplation. Beyond the oasis are two ancient city ruins. A grand modern museum in the city center charts their history. But anyone who enters must show an ID and there’s a barbed wire fence outside. A dozen surveillance cameras watch the surrounding park, complete with pond and playground.

The museum’s security guards wear helmets and flak jackets. Next to the baggage scanners at the entrance are protective shields used by police for crowd control. It “can all be purchased,” says an assistant in the museum shop. “On the other side of the street.”

Indeed, there is a store selling security equipment just opposite the museum: Helmets and bayonets, surveillance electronics, 12-packs of batons and, above all, protective vests. “300 yuan each,” says a salesperson. That’s about 40 euros. “But they only help against stab wounds. We’ve got bulletproof vests too, but they’re much more expensive. Do you have the paperwork?”

All this gear is intended for use by security personnel protecting stores, restaurants, museums, hospitals and hotels. Their operators are obligated to ramp up security measures. “There’s just been a new directive,” says one hotel manager in Turpan, holding up a stamped piece of paper. Guests must show IDs when they check in and every time they re-enter — however often they leave and return. More security staff also have to be employed. In Xinjiang, these tightened security measures are designed not only to make the region a safer place but also to create jobs.

“There are 30 men in each bunker,” says a Uighur with suppressed anger as he passes one of the new police stations. “Thirty men, 30 breakfasts, 30 lunches and dinners. Every day. What for? Who’s paying for everything?”

Hotan: ‘Sent To School’

Hotan, a city of 300,000 people, is an oasis in the southwestern fringe of the Taklamakan desert. Attacks have been common there and surveillance is therefore especially prevalent.

When DER SPIEGEL visited Hotan in 2014, it was still possible to meet with a man who told us about the Chinese government’s harsh measures in the surrounding towns. Such a meeting would be out of the question today, the man now informs us through a messaging app. It’s not even possible to drive from one town to another without written permission, much less meet with a foreigner. “Maybe in a few years,” he writes, adding: “Delete this conversation from your phone immediately. Delete everything that could be suspicious.”

There is a modern shopping center at the edge of the city, though barely one in five stores is still open. Most of the others were closed recently due to “security and stability measures,” according to the official seals adhered to the doors. “Everyone was sent to school,” one passerby says quietly while looking around.

“Qu xuexi,” meaning to go or be sent to study, is one of the most common expressions in Xinjiang these days. It is a euphemism for having been taken away and not having been seen or heard from since. The “schools” are re-education centers in which the detainees are being forced to take courses in Chinese and patriotism, without any indictment, due process or a fair hearing.

More than half the people we met along the way during our journey spoke of family members or acquaintances who were “sent to school.” One driver in Hotan talked about his 72-year-old grandfather. A person in Urumqi told the story of his daughter’s professor. An airplane passenger spoke of his best friend.

The stories differ, yet they all contain important parallels. Most of the people affected are men. The arrests usually occur at night or in the early morning. The reasons cited include contacts abroad, too many visits to a mosque or possessing forbidden content on a mobile phone or computer. Relatives of those who are apprehended often don’t hear from them for months. And when they do manage to see them again, it’s never in person but rather via video stream from the prison visitor area.

During a conversation with a rug salesman at the market in Hotan, a woman in a short dress shows up and joins the chat. She says she works for an office nearby, and that she has taken the day off. She offers to translate the conversation with the salesman from Uighur into Chinese. No, she will later say as she walks across the nearly empty market, the store closures have nothing to do with re-education camps. “The employees were sent away for technical training,” she says. Then she politely says goodbye.

A few hours later, we arrive at the train station for the 500-kilometer (311 mile) ride to Kashgar. The station is guarded like a military base. Travelers must pass through three checkpoints and dozens of surveillance cameras to get to the platform.

“Ah,” the ticket inspector says to her colleague as we inquire about our seats. “This is the foreign journalist.” The train is nearly full, with hundreds of passengers aboard. A few compartments away, I later notice the woman in the short dress who offered her services as a translator at the market.

Kashgar: ‘Allergic Images’

The train to Kashgar takes six hours and passes by more oasis towns and settlements, the names of which are synonymous with the Uighur resistance in China: Moyu, Pishan, Shache, Shule. All the train stations are surrounded by checkpoints and barbed wire fences. When the train stops at a platform, the train dispatcher is often accompanied by a police officer with either a billy club or a gun.

Kashgar is more than 2,000 years old. It was one of the most important stations along the old Silk Road. Visitors could once gaze upon one of the best preserved Islamic old cities in central Asia, made almost entirely of mud houses. But the government demolished most of the old buildings and erected a picturesque tourist quarter in its stead.

Unlike in Urumqi and Turpan, most taxis in Kashgar are outfitted with two cameras. One is aimed at the passenger up front while the other points at those in the backseat. “That was imposed over a year ago,” one driver says. “The cameras are directly connected to Public Security. They turn them on and off whenever they want. We have no influence.”

Normal journalistic research in Kashgar is inconceivable. No one wants to talk. A Uighur human rights activist who met up with us four years ago didn’t respond to a single one of our text messages. His phone number is no longer listed. As we later learned, he disappeared months ago. But whether he was thrown into a re-education camp or prison is unknown.

And then the police officers from the beginning of this story show up again and don’t let us out of their sight.

There’s a bit of drama as we buy apricots from a fruit shop. We speak to a woman who’s sitting and reading a book. It’s a language book — the woman is learning to speak Chinese. South of Xinjiang, very few Uighurs above the age of 20 speak Chinese well.

We only exchange a few words with the woman, but as we leave the store, three of our minders, including a woman in a red jacket, walk inside and confront her. I go back and begin to film the scene with my phone. Surprised, the government officials stop the conversation, pretend to be shopping and hide their faces.

An hour later, a police officer flanked by several government officials approaches us. The woman in the red coat is with them. She’s a tourist, the officials claim, and she just learned that she was filmed without her permission. According to Chinese law, the footage must now be deleted. The officer escorts us to a police station, where he confiscates the phone and not only deletes the clip from the fruit stand, but also other clips in which our government minders are recognizable. One of the officials warns us against taking any more such “allergic images.” We are then allowed to go.

The surveillance infrastructure in Kashgar is state of the art, but the Chinese government is already working on the next level of control. It wants to introduce a “social credit system” that rates the “trustworthiness” of each citizen, to reward loyalty and punish bad behavior. While the rollout of this system in the densely populated east has been sluggish and spotty, the Uighurs are evidently already subjected to a similar point-based system. This system primarily involves details that could be interesting to the police.

Every family begins with 100 points, one person affected by the system tells us. But anyone with contacts or relatives abroad, especially in Islamic countries like Turkey, Egypt or Malaysia, is punished by losing points. A person with fewer than 60 points is in danger. One wrong word, a prayer or one telephone call too many and they could be sent to “school” in no time.

from: https://www.spiegel.de/international/world/china-s-xinjiang-province-a-surveillance-state-unlike-any-the-world-has-ever-seen-a-1220174.html

***

Abstract

1 INTRODUCTION

The analysis of race, nation, and ethnical groups based on facial images is a popular topic recently in face recognition community (Fu, He, & Hou, 2014). With rapid advance of people globalization, face recognition has great application potential in border control, customs check, and public security. Meanwhile, it is also an important research branch in physical anthropology. Usually, facial features are influenced by gene, environment, society, and other factors comprehensively. However, the gene of one ethnical group is hardly unique and it may include various gene fragments from some other ethnical groups. Hence, it may lead to the similarities of facial features among several ethnicities (Jianwen, Lihua, Lilongguang, & Shourong, 2010). Therefore, it is significant to analyze facial attributes for different ethnicities in computationally artificial intelligence. This work is also helpful to the research in anthropology as it may indicate the facial features evolution (Cunrui, Qingling, Xiaodong, Yuangang, & Zedong, 2018).

This paper focuses on the analysis of some Chinese ethnical groups. First, it is necessary for us to differentiate three definitions, namely race, nation, and ethnicity (Wade, 2007). Race is a concept which is formed based on the differences from physical structures such as skin, hair, and and so on, while nation is a social‐oriented concept which refers to a community based on economics, language, and culture of a given area. Ethnicity describes a group of people, who have similar gene, culture, and language in geologically close regions. One can find that race and ethnicity are closely related though they have differences. For example, Chinese includes ethnical groups such as Han, Korean, Jing, Mongolian, Tibetan, Qiang, Miao, Turkic, Jurchen, and so on (Shiyuan, 2002). Based on homologous gene, ethnicities are steady groups and their facial features are regular and exhibit certain patterns. Although race and ethnicity have close relationship, the analysis of facial features among ethnicities is more difficult than that of race as the discrimination of facial features from different ethnicities is more difficult than that from different races (Fu et al., 2014).

Also, in cognitive process for a human face, human brains receive ethnicity or race information prior to age, gender, and expression. As shown in Figure 1, the information of ethnicity or race is processed in 80–120 ms, and the rest features, such as age and gender, are then gradually perceived later (Ito & Bartholow, 2009). This implies that race or ethnicity information is very important in face recognition.

4 FACIAL IMAGE PREPROCESSING

Due to the variations in pose, illumination, and camera parameters, it is necessary to align the images before further processing. This mainly involves face alignment and illumination normalization. The aim of face alignment is to correct face pose and resize the face resolution. The details are shown as follows:

• The coordinates of eyes are obtained automatically by eye detector, and the coordinates of two eye corners are denoted by E _l and E _r.
• The face image is rotated to make the line segment which connecting E _l and E _r to be horizontal.
• The facial area is cropped out according to the ratio of eye separation and the the rest of face.
• The cropped face images are resized to a given resolution.

As the skin color and texture of different ethnicities vary a lot, due to influence rendered by gene or environment, we conduct the illumination normalization in face image preprocessing stage. However, illumination normalization will affect the skin color. According to literature (Brooks & Gwinn, 2010), the skin color has a poor correlation with facial ethnic attributes. Hence, illumination normalization is implemented and the skin color change is ignored in our study.

Many methods have been proposed to deal with illumination variations (Biglari, Mirzaei, & Ebrahimpour‐Komeh, 2013) such as single scale retinex (SSR), multiscale retinex (MSR), and homomorphic filtering (HOMO). In this paper, the SSR is used to normalize the illumination variations for simplicity. Suppose that the light is smoothly distributed over space, the brightness of object depends on the lighting of environment and reflection of objective surface, as shown in formula (1),

  (1)

where S(x, y) is the facial image captured by camera, L(x, y) indicates component of lighting, and R(x, y) represents reflection components of object. In order to separate reflection components and lighting components, logarithm operation is used as follows:

  (2)

where R(x, y) is corresponding to the high‐frequency components of image, L(x, y) represents the low‐frequency components of image. In order to obtain R(x, y), the Gaussian filter (Hyvrinen, Hoyer, & Oja, 1999) is then applied to estimate L(x, y) as follows.

  (3)

where G(x, y) is the Gaussian function with ; c is the scale of Gaussian function; x is the size of Gaussian kernel; y is standard deviation of Gaussian distribution; K is a constant, and it satisfies ∬G(x, y)dxdy = 1.

As shown in Figure 5, the experimental results demonstrate that SSR not only has good performance in illumination normalization, but also has a quick computational speed.

5 THE ETHNICITY RECOGNITION USING SPARSE SENSING

5.1 The kNN‐based fast sparse sensing for ethnicity recognition

The SR for facial ethnicity recognition contains two steps. First, the K‐nearest neighbors of a sample are selected from the whole training set for each group. Second, the sample is described and catergrized by the selected K‐nearest neighbors via SR. The testing sample is described as a linear combination using its K‐nearest neighbors (Waqas, Yi, & Zhang, 2013).

The proposed fast SR algorithm consists of three steps: K‐nearest neighbors identification, linear representation, and classification. In K‐nearest neighbors identification, the K‐nearest neighbors are identified and the corresponding labels are recorded. If a training sample belongs to jth (j = 1, 2, ⋯, L) class, j is taken as the label. Suppose {x₁, ⋯, x _K} are the K‐nearest neighbors of a testing sample y, their labels could form a new set C = {c₁, c₂, ⋯, c _d}. The number of elements in this set is less than or equal to L or K. That is to say, C is a subset of {1, 2, ⋯, L}.

The testing sample y could be represented as a linear combination of the K‐nearest neighbors

(4)

where a _i(i = 1, 2, ⋯, K) are the coefficients. The formula (4) can be rewritten as follows:

  (5)

where A = [a₁, ⋯, a _K] ^T, X = [x₁, ⋯, x _K]. Our aim is to solve the minimum error between XA and y, subject to that the norm of A must be minimum. This optimization problem can be described by a Lagrangian function,

  (6)

where μ is a positive constant. According to Lagrangian method, A should satisfy that . Therefore, the optimal solution could be obtained as follows:

  (7)

where I is an identity matrix.The class label of a testing sample will be estimated according to its K‐nearest neighbors’s weight contribution in the SR (Wang et al., 2016). Specifically, in K‐nearest neighbors of a testing sample, the subset {x _s, ⋯, x _t} belongs to rth(r ∈ C) class, the contribution of rth class is described as follows:

  (8)

The error between g _r and the testing sample is given in formula (9).

  (9)

The smaller of the value of e _r = ||y − g _r||², implies the greater of influence on the r class. The testing sample y is then classified as the class which has the greatest contribution. In addition, if all K‐nearest neighbors are not from rth class, r does not belong to C. Hence, the SR will not classify the sample y as the rth class. Two kinds of measurement similarity are usually used in the SR. One is Euclidean distance (Aharon et al., 2006), the other is cosine measure,

  (10)

where s(y, x _i) represents the similarity between y and ith neighbor.

5.2 Holistic ethnical facial features based on SR

In this paper, the “O” region represents the whole face. We first implement SR based on holistic facial features, which implies that the whole image of a testing sample y is approximated by a linear combination of all the training images. The class label of a testing sample y is then assigned based on the difference between y and the weighted combination of the samples from each class. Let A = (A₁, A₂, ⋯, A_n) denote n training samples, the testing sample y can be approximated as a linear combination of all training samples

  (11)

Without loss of generality, the formula is expressed as follows:

where β = (β₁, β₂, ⋯, β_n)^T, A = (A₁, A₂, ⋯, A_n).

If A^T A is nonsingular, the coefficients of β could be obtained by β = (A^T A)⁻¹ A^T y. Otherwise, if A^T A is singular, β could be calculated by β = (A^T A + γI)⁻¹ A^T y, where γ is a small positive number, and I is a unit matrix.

It can be seen from formula (11) that each training sample has its contribution to the representation of the testing sample, and the contribution of ith training sample is β_i A_i. Suppose the training samples from kth class are A_s, ⋯, A_t, and the total contribution of these samples to the testing sample y is denoted by g_k = β_s A_s + ⋯ + β_t A_t, the error of the SR could be calculated by e_k = ||y − g_k||². The smaller error value implies that the contribution is greater from the samples of kth class.

Now, we conduct a simple experiment for ethnicity recognition based on the holistic facial features on the captured dataset in this paper and the experimental results are shown in Table 1, the accuracy rate of ethnicity recognition is only 45% with 90% for training and 10% for testing on 10‐fold experiments. It can be seen that the ethnicity recognition accuracy based on holistic facial features is quite low. In fact, the ethnic face is represented by sparse combination of various faces. However, one particular problem of ethnicity recognition is that the ethnic attributes come from various individuals but the facial attributes of individuals from different ethnicities may have significant contributions. In addition, holistic face features may contain insensitive features to ethnicity classification, since the facial ethnical differences are mainly conveyed by local features. Hence, it is important for us to figure out the local facial regions that are related to ethnic differences, and investigate whether the sparsity of such local features is useful for facial feature representation in terms of ethnicity recognition. We will investigate local feature extraction issue via data mining approach in next section.

Table 1. The ethnicity recognition based on holistic features

Based on these 77 landmarks, we can construct 2,926 facial features by connecting any two landmarks. Considering the redundancy and relevance of the obtained line features, the well‐known data mining technique, the minimal‐redundancy‐maximal‐relevance (mRMR) (Ding & Peng, 2005; Peng, Long, & Ding, 2005) feature selection method, is applied to select the most salient features. According to mutual information, the mRMR aims to select the significant features based on the minimal redundancy and maximal relevance, using the Equations 12 and 13,

  (12)

  (13)

where F is facial geometrical feature subset, c is class label of ethnicities, f _i is ith feature of F. I(f _i, c) is mutual information between feature f _i and class c, and I(f _i, f _j) indicates mutual information between f _i and f _j. The mutual information is calculated by Equation 14, and the mRMR selection criterion is achieved by the Equation 15.

  (14)

  (15)

Based on these 2,926 facial features, 195 salient length features are then selected out to represent the ethnic attributes of the three ethnicities using the mRMR approach. These features are divided into four parts, and then compared with anthropological features (Farkas, 1994). As shown in Figure 7, these four parts of the features are plotted on facial images. Figures 7a, b, c, and d show 19, 37, 63, and 65 length features, respectively. One can see that the best weights of features focus on nose, eyes, and eyebrows and these feature regions together form a “T” region, which can be seen clearly in Figure 7a and c. With the weights decreasing, the important region would extend to mouth area gradually. This observation shows that this “T” region is ethnic salient as demonstrated in next section.

In the following analysis, the feature vector of “T” region is extracted to represent ethnic attributes. The K‐nearest neighbors of a testing sample are selected based on the features from the corresponding “T” regions. The SR approach mentioned in previous section is then implemented to describe ethnicity attributes, which only locate in these “T” regions. The detailed algorithm can be described as follows:

• The “T” regions are identified based on landmarks obtained by STASM.
• The facial images are divided into training set X = [x₁, x₂, ⋯, x _m], and testing set Y = [y₁, y₂, ⋯, y _n], where x _i and y _i are the feature vectors extracted from the corresponding “T” regions.
• The K‐nearest neighbors of each testing sample are selected, and the training labels are recorded.
• The testing sample y ∈ Y is represented by a linear combination

  (16)

• According to Lagrange optimization, the problem (16) could be solved, the optimal solution is given by:

  (17)

• The contribution of every class could be calculated:

  (18)

• The error between y and g _r could be obtained, and the class label of y is then identified according to the error e _r.

  (19)

where we can select different norms in (19).

In summary, In order to represent each ethnical group effectively, we have used the STASM facial landmark detector to extract 77 landmarks in each facial image. Then, we construct 2,926 geometrical facial features. As the number of these features is too large, we used the data mining approach mRMR to select some salient geometrical features for these three ethnical groups and then 195 salient features are selected. One can find that these salient features are mainly located in a “T” region and then three types of “T” regions are constructed. We believe the features in these “T” regions are more important for ethnical group recognition. In next section, we demonstrate the effectiveness of the proposed framework.

 

6 EXPERIMENTAL RESULTS

In this section, we conduct several experiments on the face images of Uygur, Tibetan, and Korean, and four types regions, that is, “0,” “T1,” “T2,” and “T3,” are established to extract ethnic salient features via using the data mining technique mRMR. The captured face images are first preprocessed, in which the faces are aligned and the illuminations are normalized. The effectiveness of the extracted features is then verified by using several different norms.

The performances of ethnicity recognition models on different “T” regions are evaluated by several different criteria, which include the true positive rate (TPR), false positive rate (FPR), Precision, Recall, and F‐measure defined in (Anselmo, 1991; Bouckaert et al., 2010; Han, Pei, & Kamber, 2011). Next, we first conduct experiments on different “T” regions and validate the effectiveness of the proposed approach.

6.1 The effectiveness of the three “T” regions

In this section, the coefficient number K is set to be 90, and the L₂ norm is applied in SR. Table 2 lists the results obtained based on different types of “T” regions. It can be seen that the result in the region of “T3” is the best among all regions. It indicates that the “T” region surrounded by eyes, eyebrows, nose, and mouth is more effective for ethnicity recognition than other “T” regions. Meanwhile, the results show that the region O is the worst in all regions, which is because the holistic facial images contain too much identity information rather than ethnic group features. Therefore, the SR based on local features is an effective approach to solve facial ethnic recognition. We believe the core contribution of “T” region via data mining plays an important role.

Table 2. The results based on various “T” regions

6.2 Parameter selection

In order to study the influence of norms and K‐neighbors, a series of different norms and K‐neighbors are selected to identify ethnicities, and the recognition performances are compared based on the features from different facial regions. Specifically, the norms of L₀, L₁, and L₂ are adopted to evaluate recognition performance and the accuracy curves are plotted in Figure 10, Figure 11, and Figure 12, respectively.

The error distance (err) from the testing sample to its k‐nearest neighbors could serve as an important reference for facial ethnic description. As illustrated in Figure 14, the error distance err of a testing sample to the ethnic of Uyghur male is 0.01992, which means the most possible ethnic category of this sample is Uyghur. It can be seen from Figure 13, the k‐nearest neighbors of this testing sample belong to several different ethnicities, its ethnicity could be estimated more precisely based on the error distance err. Therefore, the ethnicity recognition depends on ethnic features in the constructed “T” region. It should be reminded that the error distance in the software platform is normalized for easy use.

6.4 The investigation of the “T” region for face recognition

In previous section, one can see that the facial “T” region has shown its effectiveness in ethnicity recognition. Thus, it is straightforward to ask whether it is also useful for face recognition. In order to answer this question, some experiments of face recognition are conducted on olivetti research laboratory (ORL) database Figure 15 (Samaria, Harter & Harter, 1994). ORL database includes 400 face images of 40 persons with minor pose variations, and has been used for face recognition algorithm evaluation for decades. Since it is lack of pattern variation, the recognition rates for many face recognition systems have exceeded 90%.

The facial images of ORL database are divided into training and testing set, and the feature vectors are extracted from “T3” and “O” regions separately. The fast sparse classification based on k‐nearest neighbors is also used to perform face recognition, and the results are shown in Figure 16 and Table 3. It can be seen clearly that recognition rate obtained based on holistic face (“O” region) is much better than that obtained based on local region (“T3” region). When k = 90, the recognition rate based on “T3” region is only 63% but the accuracy based on holistic face has reached 90%. In fact, the performance achieved based on “T3” region never exceeds 70%, no matter how many neighbors are taken into consideration.

Table 3. Different T‐zone recognition results for olivetti research laboratory datasets

from: https://onlinelibrary.wiley.com/doi/full/10.1002/widm.1278

Tech giants have published security advisories and blog posts in response to the Microarchitectural Data Sampling (MDS) vulnerabilities affecting most Intel processors made in the last decade.

Remedy? The microcode updates, like previous patches, would have an impact on processor performance.

The vulnerabilities are related to speculative execution and they can be exploited for side-channel attacks. Researchers started reporting the flaws to Intel in June 2018, but the chip maker said its own researchers found them first. Nevertheless, in addition to its own employees, Intel has credited researchers from several universities and companies for the security holes.

Researchers named the new attack methods

• ZombieLoad
• RIDL (Rogue In-Flight Data Load)
• Fallout
• Store-to-Leak Forwarding.

Intel has assigned them the following names and CVEs:

• Microarchitectural Fill Buffer Data Sampling (MFBDS, CVE-2018-12130)
• Microarchitectural Store Buffer Data Sampling (MSBDS, CVE-2018-12126)
• Microarchitectural Load Port Data Sampling (MLPDS, CVE-2018-12127)
• Microarchitectural Data Sampling Uncacheable Memory (MDSUM, CVE-2018-11091)

The attack methods pose a threat to both PCs and cloud environments, and they allow hackers to get applications, the operating system, virtual machines and trusted execution environments to leak information, including passwords, website content, disk encryption keys and browser history. Attacks can be launched both by a piece of malware present on the targeted system and from the internet.

However, Intel says exploitation in a real-world attack is not an easy task and the attacker may not be able to obtain valuable information even if the exploit is successful.

The products of several major tech companies are impacted by the flaws and most of them have already published blog posts and advisories providing information on their impact and the availability of patches and mitigations.

Intel

Intel says its newer products, such as some 8th and 9th generation Core processors and 2nd generation Xeon Scalable processors, address these vulnerabilities at hardware level. Some of the other affected products have received or will receive microcode updates that should mitigate the flaws. The company has published a technical deep dive and a list that users can check to see if their processors will receive microcode updates.

Intel says the mitigations should have minimal performance impact for a majority of PCs, but performance may be impacted in the case of data center workloads.

Disabling hyper-threading on vulnerable CPUs should prevent exploitation of the vulnerabilities.

Apple

Apple informed customers that macOS Mojave 10.14.5 and Security Update 2019-003 for Sierra and High Sierra include the option to enable full mitigation for the MDS attacks. Mojave 10.14.5 also includes a Safari update that should prevent exploitation from the internet.

Microsoft

Microsoft has started releasing software updates for Windows and deployed server-side fixes to its cloud services to mitigate the vulnerabilities. The company has pointed out that in addition to software updates, firmware updates are also required for full protection against attacks.

Microsoft has also released a PowerShell script that users can run on their systems to check the status of speculative execution mitigations.

Google

Google has made available a page where users are informed about the actions they need to take depending on the products they have. The internet giant says its infrastructure, G Suite, and Google Cloud Platform products and services are protected against attacks, but some cloud users may need to take action.

The company says a vast majority of Android devices are not impacted. In the case of Chrome OS devices, Google has disabled hyper-threading by default starting with version 74 and additional mitigations will be available in Chrome OS 75.

VMware

VMware told users that the vulnerabilities impact its VMware vCenter Server
, vSphere ESXi, Workstation, Fusion, vCloud Usage Meter, Identity Manager, vCenter Server, vSphere Data Protection, vSphere Integrated Containers, and vRealize Automation products.

The company provides hypervisor-specific mitigations and hypervisor-assisted guest mitigations for the impacted products. These mitigations involve software updates and patches from VMware.

VMware pointed out that exploitation of the flaws requires local access to the targeted virtual machine and the ability to execute code.

IBM

IBM says it’s rolling out the microcode updates from Intel and mitigations to its cloud services. The company told users that its POWER processors are not impacted by the MDS vulnerabilities.

Citrix

Citrix says full mitigation of the Intel chip vulnerabilities involves updates to the Citrix hypervisor and updates to the CPU microcode. The company has released a hotfix for XenServer 7.1, which includes both hypervisor and CPU microcode updates, and it plans on releasing similar hotfixes for other affected products.

Oracle

A blog post from Oracle describes the impact of the flaws on the company’s hardware, operating systems, and cloud services. X86-based systems need to be assessed by their administrators and Oracle Engineered Systems customers will receive specific guidance from the company.

Oracle SPARC servers and Solaris on SPARC are not impacted, but Solaris on x86 systems is affected. Patches have been released by Oracle for Oracle Linux and VM Server products.

AWS

Amazon Web Services (AWS) said on Tuesday that it had deployed protections for MDS attacks to all its infrastructure and no action is required from users. The company has released updated kernels and microcode packages for Amazon Linux AMI 2018.3 and Amazon Linux 2.

Xen Project

The Xen Project says systems running all versions of Xen are affected by the vulnerabilities if they use x86 Intel processors.

Linux distributions

Advisories for the MDS vulnerabilities in Intel processors have been published by Linux kernel developers, Red Hat, Debian, Ubuntu and SUSE. Linux distributions have already started rolling out updates that should mitigate the flaws.

Hardware manufacturers

Many hardware manufacturers whose products use Intel processors are likely affected by the ZombieLoad and RIDL vulnerabilities. However, so far, only Lenovo and HP appear to have started releasing firmware patches for their devices.

from: https://www.securityweek.com/intel-mds-vulnerabilities-what-you-need-know

***

New secret-spilling flaw affects almost every Intel chip since 2011

Security researchers have found a new class of vulnerabilities in Intel chips which, if exploited, can be used to steal sensitive information directly from the processor.,

The bugs are reminiscent of Meltdown and Spectre, which exploited a weakness in speculative execution, an important part of how modern processors work. Speculative execution helps processors predict to a certain degree what an application or operating system might need next and in the near-future, making the app run faster and more efficient. The processor will execute its predictions if they’re needed, or discard them if they’re not.

Both Meltdown and Spectre leaked sensitive data stored briefly in the processor, including secrets — such as passwords, secret keys and account tokens, and private messages.

Now some of the same researchers are back with an entirely new round of data-leaking bugs.

“ZombieLoad,” as it’s called, is a side-channel attack targeting Intel chips, allowing hackers to effectively exploit design flaws rather than injecting malicious code. Intel said ZombieLoad is made up of four bugs, which the researchers reported to the chip maker just a month ago.

Almost every computer with an Intel chips dating back to 2011 are affected by the vulnerabilities. AMD and ARM chips are not said to be vulnerable like earlier side-channel attacks.

ZombieLoad takes its name from a “zombie load,” an amount of data that the processor can’t understand or properly process, forcing the processor to ask for help from the processor’s microcode to prevent a crash. Apps are usually only able to see their own data, but this bug allows that data to bleed across those boundary walls. ZombieLoad will leak any data currently loaded by the processor’s core, the researchers said. Intel said patches to the microcode will help clear the processor’s buffers, preventing data from being read.

Practically, the researchers showed in a proof-of-concept video that the flaws could be exploited to see which websites a person is visiting in real-time, but could be easily repurposed to grab passwords or access tokens used to log into a victim’s online accounts.

Like Meltdown and Spectre, it’s not just PCs and laptops affected by ZombieLoad — the cloud is also vulnerable. ZombieLoad can be triggered in virtual machines, which are meant to be isolated from other virtual systems and their host device.

Daniel Gruss, one of the researchers who discovered the latest round of chip flaws, said it works “just like” it does on PCs and can read data off the processor. That’s potentially a major problem in cloud environments where different customers’ virtual machines run on the same server hardware.

Although no attacks have been publicly reported, the researchers couldn’t rule them out nor would any attack necessarily leave a trace, they said.

What does this mean for the average user? There’s no need to panic, for one.

These are far from drive-by exploits where an attacker can take over your computer in an instant. Gruss said it was “easier than Spectre” but “more difficult than Meltdown” to exploit — and both required a specific set of skills and effort to use in an attack.

But if exploit code was compiled in an app or delivered as malware, “we can run an attack,” he said.

There are far easier ways to hack into a computer and steal data. But the focus of the research into speculative execution and side channel attacks remains in its infancy. As more findings come to light, the data-stealing attacks have the potential to become easier to exploit and more streamlined.

But as with any vulnerability where patches are available, install them.

Intel has released microcode to patch vulnerable processors, including Intel Xeon, Intel Broadwell, Sandy Bridge, Skylake and Haswell chips. Intel Kaby Lake, Coffee Lake, Whiskey Lake and Cascade Lake chips are also affected, as well as all Atom and Knights processors.

But other tech giants, like consumer PC and device manufacturers, are also issuing patches as a first line of defense against possible attacks.

Computer makers Apple and Microsoft and browser makers Google have released patches, with other companies expected to follow.

In a call with TechCrunch, Intel said the microcode updates, like previous patches, would have an impact on processor performance. An Intel spokesperson told TechCrunch that most patched consumer devices could take a 3 percent performance hit at worst, and as much as 9 percent in a datacenter environment. But, the spokesperson said, it was unlikely to be noticeable in most scenarios.

And neither Intel nor Gruss and his team have released exploit code, so there’s no direct and immediate threat to the average user.

But with patches rolling out today, there’s no reason to pass on a chance to prevent such an attack in any eventuality.

from: https://techcrunch.com/2019/05/14/zombieload-flaw-intel-processors/

The Russia-linked threat group known as Turla has been using a sophisticated backdoor to hijack Microsoft Exchange mail servers, ESET reported on Tuesday.

The malware, dubbed LightNeuron, allows the attackers to read and modify any email passing through the compromised mail server, create and send new emails, and block emails to prevent the intended recipients from receiving them.

According to ESET, LightNeuron has been used by Turla — the group is also known as Waterbug, KRYPTON and Venomous Bear — since at least 2014 to target Microsoft Exchange servers. The cybersecurity firm has analyzed a Windows version of the malware, but evidence suggests a Linux version exists as well.

ESET has identified three organizations targeted with LightNeuron, including a Ministry of Foreign Affairs in an Eastern European country, a regional diplomatic organization in the Middle East, and an entity in Brazil. ESET became aware of the Brazilian victim based on a sample uploaded to VirusTotal, but it has not been able to determine what type of organization has been targeted.

The company’s researchers have determined that LightNeuron leverages a persistence technique not used by any other piece of malware, a transport agent. Transport agents are designed to allow users to install custom software on Exchange servers.

The malware runs with the same level of trust as spam filters and other security products, ESET said.

As for command and control (C&C), the malware is controlled by attackers using emails containing specially crafted PDF documents or JPG images. The malware can recognize these emails and extract the commands from the PDF or JPG files.

The commands supported by LightNeuron allow attackers to take complete control of a server, including writing and executing files, deleting files, exfiltrating files, executing processes and commands, and disabling the backdoor for a specified number of minutes.

Last year, ESET detailed a backdoor used by Turla to target Microsoft Outlook. That piece of malware had also used PDF files attached to emails for command and control purposes.

ESET has linked LightNeuron to Turla based on several pieces of evidence, including the presence of known Turla malware on compromised Exchange servers, the use of file names similar to ones known to be used by the group, and the use of a packer exclusively utilized by the threat actor.

In an APT trends report published last year by Kaspersky Lab, the Russian cybersecurity firm also mentioned LightNeuron and attributed it with medium confidence to Turla. Kaspersky had spotted victims in the Middle East and Central Asia.

ESET also noticed that the compromised Exchange servers received commands mostly during work hours in UTC+3, the Moscow time zone. Furthermore, the attackers apparently took a break between December 28, 2018, and January 14, 2019, when many Russians take time off to celebrate the New Year and Christmas.

from: https://www.securityweek.com/turla-uses-sophisticated-backdoor-hijack-exchange-mail-servers

A Chinese threat actor was spotted using a tool attributed to the NSA-linked Equation Group more than one year prior to it being leaked by the mysterious Shadow Brokers, Symantec revealed on Monday.

The Chinese cyber espionage group is tracked as Buckeye, APT3, UPS Team, Gothic Panda, and TG-0110, and it has been linked by researchers to the Chinese Ministry of State Security. The threat actor had been active since at least 2009 before it apparently ceased operations in mid-2017.

In late November 2017, the US government announced charges against three Chinese nationals for attacks launched by the hacker group against Siemens, Trimble, and Moody’s Analytics.

Buckeye’s attacks involved several pieces of malware, including a backdoor implant known as DoublePulsar and an exploit tool, dubbed Bemstour, that had been used to deliver the backdoor.

DoublePulsar became widely known in April 2017, when it was leaked by the Shadow Brokers group.

The Shadow Brokers announced in August 2016 that it had hacked the Equation Group, a threat actor widely believed to be sponsored by the U.S. National Security Agency (NSA). Over the coming months, the Shadow Brokers leaked many tools obtained from Equation Group and apparently attempted to make a profit by selling and auctioning the stolen data.

However, Symantec now says it has found evidence that Buckeye used a variant of DoublePulsar as early as March 2016 in an attack aimed at Hong Kong — that is more than one year before DoublePulsar was leaked by Shadow Brokers.

Buckeye’s DoublePulsar appeared to be newer than the one leaked by Shadow Brokers as it was designed to target newer versions of Windows, including Windows 8.1 and Server 2012 R2.

“Based on the timing of the attacks and the features of the tools and how they are constructed, one possibility is that Buckeye may have engineered its own version of the tools from artefacts found in captured network traffic, possibly from observing an Equation Group attack. Other less supported scenarios, given the technical evidence available, include Buckeye obtaining the tools by gaining access to an unsecured or poorly secured Equation Group server, or that a rogue Equation group member or associate leaked the tools to Buckeye,” Symantec said in a blog post.

Interestingly, despite Buckeye apparently no longer being active since mid-2017, its DoublePulsar variant was still spotted in September 2018. Furthermore, threat actors apparently continued to improve Bemstour, with the latest sample found by Symantec dated March 23, 2019.

“It may suggest that Buckeye retooled following its exposure in 2017, abandoning all tools publicly associated with the group. However, aside from the continued use of the tools, Symantec has found no other evidence suggesting Buckeye has retooled. Another possibility is that Buckeye passed on some of its tools to an associated group,” Symantec explained.

Buckeye had been known to use zero-day vulnerabilities in its attacks. According to Symantec, Bemstour uses two Windows vulnerabilities for remote kernel code execution: CVE-2017-0143, a Windows SMB code execution flaw patched by Microsoft in March 2017, and CVE-2019-0703, a Windows SMB information disclosure bug that Microsoft addressed with its March 2019 Patch Tuesday updates. Buckeye had exploited both of these flaws before fixes were released.

Symantec reported CVE-2019-0703 to Microsoft in September 2018. It’s worth noting, however, that Microsoft’s advisory for CVE-2019-0703 indicates that the company has no evidence of exploitation.

UPDATE. Microsoft has confirmed to SecurityWeek that CVE-2019-0703 has been exploited in attacks. The company blamed a clerical error and it has updated its advisory.

from: https://www.securityweek.com/chinese-hackers-used-nsa-tool-year-shadow-brokers-leak