Hackers are penetrating U.S. nuclear facilities - Axios

Hackers are penetrating U.S. nuclear facilities

Rebecca Zisser / Axios

Hackers have been penetrating the computer networks of nuclear facilities in the U.S. since May by sending what appear to be legitimate resumes that contain malware and by compromising frequently visited web sites, the Department of Homeland Security and FBI said in a report obtained by the New York Times.

  • The good news: A DHS spokesperson told Axios there's "no indication of a threat to public safety" since the hacks appeared to be isolated in the administrative and business side of the nuclear facilities, not reaching control panels (indeed, one affected facility said no "operations systems" were impacted).
  • The bad news: Stephen Boyer, co-founder of cybersecurity ratings company BitSight, said it's possible code could be sitting dormant to gather intel on how to launch attacks in the future. And if U.S. nuclear facilities are successfully compromised, it could lead to fires, explosions, or spills of dangerous materials. Plus, as an expert on geopolitical issues framed it, other hackers might be watching what the U.S. tries to secure now, which could tip them off to what to target next.

Why this matters: It's a "nightmare scenario," according to Barracuda Networks Vice President Asaf Cidon, since a cyber attack on a nuclear plant could "heavily disrupt a critical infrastructure with a click of a mouse."

Breakdown of the attacks

  • The magnitude: The hackers hit at least a dozen U.S. power plants, per Bloomberg.
  • The hack: One of the hacks used, the resume hack, is pretty old and simple but allows you to "see all the communications on the computer ... and infect other computers," Cidon said.

One key thing

It could be Russia: Energy Secretary Rick Perry said Tuesday the hackers "may be state-sponsored" or just "criminal elements" looking for vulnerabilities. Boyer told Axios the way the government refers to the hackers (advanced persistent threats) is a "code word" for nation-state. According to Bloomberg, the chief suspect is Russia, which is concerning since Russian hackers have successfully knocked out Ukraine's power grid before. But one expert on cybersecurity issues told Axios he didn't agree with this assessment since "it's sloppy in the way it was executed…if it was state-sponsored...the ultimate goal" is to stay under the radar.

How facilities can protect themselves

  • Secure facilities: Cidon said it would cost a nuclear facility, depending on its size, anywhere from tens of thousands of dollars to hundreds of thousands of dollars to secure its network, which he calls "a drop in the bucket" compared to the potential consequences of leaving this critical infrastructure unsecured.
  • Separate business and nuclear operations: Especially for critical infrastructure, keeping networks separate is crucial since it's "really hard to do damage to a nuclear facility until you reach the control system," Boyer said.
  • Be careful of protocol: When Russia hacked Ukraine's electrical grid, it did so through employees remotely logging into the grid network. (More on that via Wired.)
  • Be wary of vendors: If they get infected with malware, it could affect the nuclear facility as well.
  • Share info: "One of the best defenses is sharing the information" when you've been hacked, Boyer said, especially when it looks like a coordinated, targeted campaign.

Trump offers White House job to Anthony Scaramucci

Andrew Harnik / AP

President Trump is bringing Anthony Scaramucci into the White House for a leadership role in his communications team, two sources familiar with the decision confirm.
Reince Priebus and Steve Bannon fought hard to stop this from happening, but Trump made up his own mind with the full support of Jared and Ivanka, and Hope Hicks. The senior team met with Scaramucci in the Oval Office this morning to hash it out.

Lyft will develop its own autonomous driving tech

Lazaro Gamio / Axios

Doubling down on its investment in self-driving cars, ride-hailing company Lyft is set to open a new office in Silicon Valley that will focus on autonomous driving tech. Named after the highest level of autonomous driving — Level 5 — the facility will house several hundred employees by the end of 2017.

In-house tech: Until now, Lyft's self-driving car efforts have been limited to working with other technology makers by providing them access to its ride-hailing network and data via its Open Platform. But now the company plans to develop its own technologies to tackle mapping, perception, localization, path planning, and motion control. Already, 10% of the company's engineers are working on autonomous driving tech, says Lyft.

Why it matters: Lyft's new move is not only a significant increase in its investment in self-driving cars, but it's also turning into a more direct competitor to its partners like Waymo and GM, which are developing their own versions of autonomous driving tech.

Open approach: Lyft says it plans to make some of its technology and resources available to its platform partners. It also plans to contribute to the broader industry by publicly releasing some data, publishing research papers, and opening access to its network for research, according to Luc Vincent, Lyft's head of autonomous driving, though it's not made concrete plans yet.

Future drivers: Lyft says that it will always employ drivers in some capacity even when self-driving cars become a reality—either to drive in situations in which autonomous systems can't, or to fulfill other functions. This echoes the predictions of other tech leaders, who have said that while self-driving cars will eliminate driving jobs, they will give rise to a slew of new jobs.

Planned testing: Lyft says it's still on track to roll out a pilot program in partnership with self-driving car startup nuTonomy later this year in Boston. It's also still planning to debut a program with GM, though it's unclear when this will happen. Company execs also declined to comment on Lyft's plans to get a self-driving car testing permit for its home state of California.


Attorney in Trump Jr. meeting represented Russia's FSB

Alexander Zemlianichenko / AP

Russian court documents, obtained by Reuters, reveal that Natalia Veselnitskaya, the Russian lawyer who met with Donald Trump Jr. last June, had "successfully represented" Russia's Federal Security Service (FSB) in a legal battle over ownership of property in Moscow between 2005 and 2013.

  • Why it matters: As Reuters points out, the FSB is "the successor to the Soviet-era KGB service, [and] was headed by Vladimir Putin before he became Russian president."
  • The discovery of the FSB as a client of Veselnitskaya's doesn't necessarily mean she worked for the Russian government or its intelligence agencies, which Veselnitskaya has repeatedly denied.
  • Earlier this week, Veselnitskaya told Russian state media RT that she is "ready to testify" before Congress to help dispel "the mass hysteria."

Tech's gender troubles will remain if leaders deny the problem

Lazaro Gamio / Axios

It's hard to see how much Silicon Valley will clean itself up when some of the biggest names in the industry still profess ignorance of the problem.

"I did not know there was any discrimination," venture capitalist Vinod Khosla said at a Commonwealth Club event on Thursday, according to Recode. Khosla also maintained that harassment in tech is rarer than in most other industries.

Most recent reports: The comments came the same day that yet another woman stepped forward to say she was harassed by a venture capitalist. TechCrunch's Catherine Shu wrote about a 2015 incident in which she said she was propositioned and groped by 500 Startups' Tristan Pollock.

You'll recall that 500 Startups founder Dave McClure has already resigned as a general partner after multiple harassment allegations and issued a public apology. And 500 Startups is far from alone, even among reported instances.

Klawe's advice: Indeed things are so bad that Harvey Mudd College president Maria Klawe — a driving force behind getting more women into computer science — has advised young women to consider avoiding Silicon Valley startups.

"For ages, we've been talking to students about whether they want to go to startups or not because they tend to have virtually no HR," Klawe told CNBC. "If something goes wrong, it's a matter of luck whether you have management that cares about these issues."


Tucker Carlson: Trump is "a 71-year-old political novice"

Richard Drew / AP

President Trump said that if he had known Jeff Sessions would recuse himself from the Russia investigation, he would have hired someone else to serve as Attorney General, per his NYT interview. The comment did not go unnoticed by one of Trump's usual supporters, Fox News' Tucker Carlson — but instead of defending the president, Carlson criticized Trump ("a 71-year-old political novice") for turning against the person he believes is the one loyal member of his cabinet.

"Attacking Jeff Sessions was still a useless, self-destructive act," Carlson said. "Sessions is the closest ally Trump has in this administration. ... [he's] the rare person in the entire executive branch making actual progress implementing the agenda his boss ran on."

"And in an administration brimming with opportunists and ideological saboteurs ... Sessions is likely the most effective member of the cabinet," Carlson said. "And in return, the president attacked him in the failing New York Times."


Y Combinator raising $1 billion for new fund

Rebecca Zisser / Axios

Silicon Valley startup accelerator Y Combinator is raising up to $1 billion for a new venture capital fund, Axios has learned from multiple sources. No word yet on when it is expected to close. YC is also making changes to its investment organization.

Why it matters: Y Combinator is one of the most influential startup entities in Silicon Valley, having incubated such companies as Airbnb, Dropbox and Stripe. But, at its core, it's an investor — so it's no surprise to see it evolve and expand its reach.

Details, per sources:

  • Merger: This is technically for YC's second Continuity fund, the first of which was a $700 million vehicle designed to invest in later-stage rounds of companies incubated by YC. But YC has decided to merge its existing early-stage investment program with its later-stage fund, so the $1 billion would go toward both.
  • Inside and out: YC has strayed a bit from its original Continuity mission, in that it's now willing to selectively back companies that didn't participate in its accelerator program (something it originally said it would not do). So far it's only done one such deal, which remains unannounced, but more could come. This puts YC more squarely in competition with traditional VC funds that usually invest in startups after they've completed the accelerator program.
  • Seats at the table: All full-time YC partners have equal economics in the funds, with everyone invited to investment meetings. The actual investment committee, however, is only three people: YC president Sam Altman, YC Continuity CEO Ali Rowghani and Continuity Fund partner Anu Hariharan. There was originally a fourth seat representing the rest of the YC partners collectively, but it has been eliminated, in part, to streamline signature approvals.
  • Still marketing: YC declined comment when contacted by Axios.

Amazon is under investigation for inflating its prices

Peter Wynn Thompson / AP

The Federal Trade Commission is looking into claims that Amazon was deceptive about its pricing discounts, reports Reuters, citing a source close to the investigation. The probe, which was spurred by a complaint from the advocacy group Consumer Watchdog, is part of the FTC's review of Amazon's agreement to acquire Whole Foods.

In a letter to the FTC, the group alleged that Amazon had been inflating the list prices on roughly 46% of its products, making Amazon's prices look like a bargain. As a result, Consumer Watchdog asked the FTC to stop Amazon from purchasing Whole Foods while the deceptive pricing continued. Amazon hit back and said the conclusions the Consumer Watchdog reached from its analysis are "flat out wrong."

Why it matters: Critics argue that Amazon's agreement to buy Whole Foods would give the e-commerce giant an unfair advantage over competitors. While there isn't an obvious antitrust angle for blocking the acquisition, other red flags raised by critics, like this one, could slow down the review.


Report: U.S. to ban Americans from traveling to North Korea

Wong Maye-E / AP

The US plans to ban Americans from traveling to North Korea on July 27, according to Koryo Tours and Young Pioneer Tours, which operate tours in North Korea and talked to BBC. The tour groups said they were informed by the Swedish embassy.

Timing: This comes shortly after American student Otto Warmbier was released from his 18-month sentence in a North Korean prison, after which he was in a coma and died days after returning to the states. It has not been confirmed that this is the reason for the ban.

UPDATE: A State Department spokeswoman confirmed that the State Department will be banning U.S. travel to North Korea and that there will be a notice published next week, according to Time's Zeke Miller.


Russian minister: Trump and Putin may have held other G20 meetings

Evan Vucci / AP

Russian Foreign Minister Sergey Lavrov told NBC's Keir Simmons Friday that President Trump and Vladimir Putin may have held additional, undisclosed meetings at the G-20 summit last month.

"They might have met even much more than just three times," said Lavrov. "When you are brought by your parents to a kindergarten, do you mix with the people who are waiting in the same room to start going to a classroom?"

Why it matters: Many of Trump's top aides are concerned with how the president is openly embracing Russia, and have said that Trump's extended dinner meeting with Putin raises red flags. But while Washington is wary of the two leaders' close relationship, Lavrov has dismissed it as no big deal: "After the dinner was over … I was not there … President Trump apparently went to pick up his wife and spent some minutes with President Putin…so what?"


Protests against Poland's strike on independent judges

Poznan, Poland (@OnetWiadomosci via Twitter).

Strains of populism continue to rend Europe, as a Polish government move to weaken judicial independence triggered protesting crowds on Thursday night estimated at nearly 100,000 in Warsaw and other Polish cities, per Buzzfeed.

  • The protests broke out after the Sejm, the Polish parliament, okayed a bill that would compel all 83 of the country's Supreme Court judges to resign, apart from those appointed by the ruling Law and Justice Party. They would then be replaced by the Minister of Justice. The bill must now be approved by the Senate, which could vote as early as today, and signed by President Andrzej Duda.
  • Critics say the move will be a fatal stroke against Polish democracy. Duda has disputed that, and attempted to compromise by saying he will veto any bill that excludes a 60% threshold for the approval of any new judge. But some EU officials say that, should the bill become law, Poland could trigger a suspension of its voting rights within the EU.
  • Why it matters: Along with Hungary, Poland has been drifting further and further away from the democracy established a quarter century ago with Eastern Europe's break from the Soviet Union. Their shift, along with Brexit, is complicating unity on hard political questions within the already-fractious EU.