Pegasus: Spyware sold to governments ‘targets activists’

Rights activists, journalists and lawyers around the world have been targeted with phone malware sold to authoritarian governments by an Israeli surveillance firm, media reports say.

They are on a list of up to 50,000 phone numbers of people believed to be of interest to clients of the company, NSO, leaked to major news outlets.

It is not clear where the list came from – or whose phones had actually been hacked.

NSO denies any wrongdoing.

It says the software is intended for use against criminals and terrorists and is made available only to military, law enforcement and intelligence agencies from countries with good human rights records.

In a statement, it said the original investigation which led to the reports, by Paris-based NGO Forbidden Stories and the human rights group Amnesty International, was “full of wrong assumptions and uncorroborated theories”.

The allegations about use of the software, known as Pegasus, were carried on Sunday by the Washington Post, the Guardian, Le Monde and 14 other media organisations around the world.

Pegasus infects iPhones and Android devices to enable operators to extract messages, photos and emails, record calls and secretly activate microphones.

Forensic tests on a few phones with numbers on the list indicated more than half had traces of the spyware.

Some 180 journalists are said to be on the list, from organisations such as Agence France-Presse, CNN, the New York Times, Al Jazeera and many other news outlets.

They also include two women close to the murdered Saudi journalist Jamal Khashoggi and a Mexican journalist named Cecilio Pineda Birto, who was murdered at a carwash.

The wider list also includes heads of state and government, members of Arab royal families and business executives.

The allegations here are not new but what is new is the scale of the targeting of innocent people that’s allegedly taking place. Nearly 200 reporters from 21 countries have their phone numbers on this list and more names of high-profile public figures are expected to be revealed.

There are plenty of unknowns in these allegations – including where the list comes from and how many of the phone numbers were actively targeted with spyware. NSO Group have once again come out swinging and deny all accusations but it’s a blow for the company that is actively trying to reform its reputation.

Only two weeks ago they released their first “transparency report” detailing human right policies and pledges. Amnesty International brushed the 32-page document off as a “sales brochure”.

These latest allegations will do further damage to its image, but they won’t hurt the company financially. There are very few private companies able to produce the sort of invasive spy tools that NSO sells, and clearly the largely unregulated market for the software is booming.

More details about who has been targeted are expected to be released in the coming days.

WhatsApp sued NSO in 2019, alleging the company was behind cyber-attacks on 1,400 mobile phones involving Pegasus.

At the time, NSO denied any wrongdoing, but the company has been banned from using WhatsApp.

WhatsApp to let users message without their phones

WhatsApp is testing a new feature that will let people message without using their phone for the first time.

At present, WhatsApp is linked to a user’s phone. Its desktop and web apps need that device to be connected and receiving messages.

But the new feature will let users send and receive messages “even if your phone battery is dead”.

Up to four other devices – like PCs and tablets – can be used together, WhatsApp said.

To begin with, the new feature will be rolled out as a beta test for a “small group of users”, and the team plans to improve performance and add features before enabling it for everyone.

End-to-end encryption – a key selling point for WhatsApp – will still work under this new system, it said.

Several other messaging apps already have such a feature, including rival encrypted app Signal, which requires a phone for sign-up, but not to exchange messages.

But the feature has long been requested by WhatsApp users – of which there are a reported two billion.

‘A rethink’
In a blog post announcing the move, Facebook engineers said the change needed a “rethink” of WhatsApp’s software design.

That is because the current version “uses a smartphone app as the primary device, making the phone the source of truth for all user data and the only device capable of end-to-end encrypting messages for another user [or] initiating calls”, the company said.

WhatsApp Web and other non-smartphone apps are essentially a “mirror” of what happens on the phone.

But that system has significant drawbacks familiar to many regular users, as the web app is known to frequently disconnect.

It also means that only one so-called “companion app” can be active at a time – so loading WhatsApp on another device will disconnect a WhatsApp web window.

“The new WhatsApp multi-device architecture removes these hurdles, no longer requiring a smartphone to be the source of truth, while still keeping user data seamlessly and securely synchronised and private,” the company said.

On a technical level, the solution was giving every device its own “identity key”, and WhatsApp keeps a record of which keys belong to the same user account. That means it does not need to store messages on its own server, which could lead to privacy concerns.

But Jake Moore, a security specialist at anti-virus-company Eset, said that no matter how robust the security is, having messages on more devices could still be a concern.

“There will always be a malicious actor looking to create a workaround,” he said.

“Domestic abusers and stalkers could now have the potential of using this new feature to their advantage, by creating additional endpoints in order to capture any synchronised private communications.”

He also said that social engineering is an “ever-increasing” threat, and the responsibility lies with the user to keep an eye out for potential misuse.

“It is therefore vital that people are aware of all the devices that are connected to their account,” he warned.
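The per-device identity keys described above, and the point that a user should know every device linked to the account, can be made concrete with a small model. The block below is an added illustration and is not WhatsApp's code: a relay server records only which device public keys belong to which account and forwards ciphertext, a sender encrypts the message once for each linked recipient device, and a linked-device listing is what the account owner would audit. The cryptographic pieces are assumptions chosen so the script runs on the standard library alone: static Diffie-Hellman over the RFC 3526 2048-bit MODP group plus a SHA-256 counter keystream with an HMAC tag, a toy cipher standing in for the real Signal-protocol sessions.

```python
"""Toy multi-device messaging model (added illustration, not WhatsApp's code).

Every device has its own identity key pair; the relay only records which
device public keys belong to which account and forwards ciphertext, so it
never holds plaintext. A sender encrypts once per linked recipient device.
Assumed stand-ins for the real Signal-protocol sessions, chosen so this runs
on the standard library: static Diffie-Hellman over the RFC 3526 2048-bit
MODP group, and a SHA-256 counter keystream plus HMAC tag as a toy cipher.
"""
import hashlib
import hmac
import secrets

# 2048-bit MODP prime from RFC 3526 (group 14), generator 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF",
    16,
)
G = 2


def keygen():
    """Per-device identity key pair (private exponent, public value)."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def shared_key(priv, peer_pub):
    """Derive a 32-byte pairwise key from the DH shared secret."""
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(256, "big")).digest()


def _keystream(key, nonce, n):
    out = b""
    for ctr in range((n + 31) // 32):
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
    return out[:n]


def encrypt(key, plaintext):
    """Toy encrypt-then-MAC: nonce || ciphertext || HMAC tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("message failed authentication")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class Server:
    """Relay: knows account -> device public keys, stores only ciphertext."""

    def __init__(self):
        self.devices = {}   # account -> {device name: public key}
        self.mailbox = {}   # (account, device name) -> [(sender pub, blob)]

    def link(self, account, name, pub):
        self.devices.setdefault(account, {})[name] = pub

    def unlink(self, account, name):
        self.devices.get(account, {}).pop(name, None)

    def linked_devices(self, account):
        """What the account owner should review: every device able to decrypt."""
        return sorted(self.devices.get(account, {}))

    def deliver(self, account, name, sender_pub, blob):
        self.mailbox.setdefault((account, name), []).append((sender_pub, blob))


class Device:
    def __init__(self, server, account, name):
        self.server, self.account, self.name = server, account, name
        self.priv, self.pub = keygen()
        server.link(account, name, self.pub)

    def send(self, to_account, text):
        """Fan-out: one ciphertext per device currently linked to the recipient."""
        targets = dict(self.server.devices.get(to_account, {}))
        for name, pub in targets.items():
            blob = encrypt(shared_key(self.priv, pub), text.encode())
            self.server.deliver(to_account, name, self.pub, blob)
        return len(targets)

    def receive(self):
        out = []
        for sender_pub, blob in self.server.mailbox.pop((self.account, self.name), []):
            out.append(decrypt(shared_key(self.priv, sender_pub), blob).decode())
        return out


def demo():
    """Alice's phone messages Bob, who has a phone and a laptop linked."""
    server = Server()
    alice = Device(server, "alice", "phone")
    bob_phone = Device(server, "bob", "phone")
    bob_laptop = Device(server, "bob", "laptop")
    copies = alice.send("bob", "see you at 6")
    got = {d.name: d.receive() for d in (bob_phone, bob_laptop)}
    return copies, got, server.linked_devices("bob")


if __name__ == "__main__":
    print(demo())
```

`demo()` returns the number of ciphertexts produced (one per linked device), what each of Bob's devices decrypted, and the linked-device list Bob would check; unlinking a device from the server makes later sends skip it, which is the model's version of removing an unrecognised endpoint.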

Microsoft announces Windows 365, a subscription cloud PC

Microsoft has announced a new “cloud PC” product where users can stream a Windows device from anywhere.

Windows 365 will work similarly to game streaming – where the computing is done in a data centre somewhere remotely and streamed to a device.

That means all sorts of devices – including tablets or Apple Macs – can stream a full Windows desktop PC.

It is being sold to businesses to begin with, as many firms move to a mix of office and remote working.

Microsoft is marketing the new way of using a PC as “hybrid Windows for a hybrid world”.

The company says that every user’s apps and settings will boot instantly from any device – allowing personalised Windows PCs to be accessed from anywhere.

“The Windows experience is consistent, no matter the device,” the announcement promised.

“You can get the same work done on a laptop in a hotel room, a tablet from their car between appointments, or your desktop while you’re in the office.”

It will launch in August for business customers “of all sizes”, Microsoft said. To begin with, it will stream a version of Windows 10 – but the successor, Windows 11, will also be available once it launches.

There is no news on whether a personal product will follow. However, Microsoft has been moving towards a subscription model for its main services for nearly a decade.

Microsoft Office began marketing subscription licences with Office 2013, which was launched alongside Office 365, as the subscription version is known. It now makes more money than its single-purchase desktop-bound version.

Similarly, Microsoft has been championing the ongoing subscription model in its gaming division. Its Xbox Game Pass service has largely won over sceptical gamers, providing a range of titles to download and play for a monthly fee. It has recently added game streaming, using similar technology to this new version of Windows.

The backbone of the service already existed, using Microsoft’s widely-used Azure platform and existing virtualisation technology.

The downside to such services is that their long-term cost for individuals is often much higher than a one-off purchase.

Microsoft has also dramatically lowered the price of Windows for many customers. Where once it was sold on discs at computer stores for a significant cost, the company has offered customers free upgrades from one version to another for many years, and will do the same for Windows 11.

Instead, Microsoft has sold Windows-related products such as OneDrive cloud storage and Office 365 subscriptions.

REvil: Ransomware gang websites disappear from internet

Websites for a Russian-linked ransomware gang blamed for attacks on hundreds of businesses worldwide have gone offline.

Monitors say a payment website and a blog run by the REvil group became suddenly unreachable on Tuesday.

The reason behind the disappearance is unknown, but has sparked speculation that the group may have been targeted deliberately by authorities.

It comes amid growing pressure between the US and Russia over cyber-crime.

US President Joe Biden said he raised the issue with Vladimir Putin during a phone call on Friday, after discussing the subject during a summit with the Russian president in Geneva last month.

Mr Biden told reporters that he had “made it very clear to him…we expect them to act” on information and also hinted the US could take direct digital retaliation on servers used for intrusions.

The timing of Tuesday’s outage has sparked speculation that either the US or Russian officials may have taken action against REvil – though officials have so far declined to comment and cyber experts say sudden disappearances of groups are not necessarily uncommon.

The development comes after a series of high-profile ransomware attacks which have hit major US businesses this year.

The FBI accused REvil – also known as Sodinokibi – of being behind a ransomware attack on the world’s largest meat processing company JBS last month.

The group is considered prolific and last week demanded a huge bitcoin ransom for an attack which targeted IT firm Kaseya and hundreds more businesses worldwide.

REvil is one of the most prolific and feared of all ransomware gangs and if this really is the end, it’s extremely significant.

The rumour mill is in hyperdrive about what’s behind this sudden shutdown but one hacker who claims to be an affiliate of the gang gave me some insights. I’m yet to confirm his identity but other researchers say his claims are highly plausible.

He claims that the US “Feds took down” elements of their websites and so they pulled the plug on the rest of their operation. He also said there was pressure from the Kremlin too saying: “Russia is tired of the US and other countries crying to them.”

Like all hacker claims we have to take them with a large dollop of salt but if this scenario proves to be accurate, it shows a dramatic shift in policy from Russia which has so far been happy to sit back and let gangs like REvil operate without fear of intervention.

However another comment from my contact also hints at the bigger picture. He says he has no plans to retire and is already planning another unknown venture. “Make one go away, more will rise,” he warned.

Heathrow’s long queues blamed on self-isolating staff

Heathrow’s Terminal 5 saw long queues at security on Monday morning because of the absence of more than 100 staff.

The airport said the issue had arisen because the security staff were instructed to self-isolate by the NHS Test and Trace app.

Some passengers experienced lengthy queues from 06:00. Many complained that there was limited social distancing.

It comes as the government faces calls to bring forward changes to Covid self-isolation rules.

The disruption affected only Terminal 5 and did not involve Border Force officers.

Some passengers complained on Twitter about “total chaos” and posted pictures of large crowds at the terminal.

One passenger, Kathryn Wylie, was travelling to Glasgow when she was caught up in the disruption. “It was manic,” she told the BBC.

“In Terminal 5, both security queues were backed up, with little being done to move people forward who had the closest upcoming flights.

“Luckily, one lady came through handing out water, but I’m not sure that went on very long.

“Once you finally got through to the security screening, there were maybe only two to four of the belts functioning, which made the whole process even more drawn out.”

Kathryn said that once she was on board the plane, its departure was delayed for another hour to allow people to get onto the flight who had not yet made it through security.

Keaton Stone, a BBC producer on The Sky at Night, also tweeted about the queues.

“Never seen Heathrow so busy!!!!” he said.
Most Covid restrictions are due to end on 19 July, however planned changes to self-isolation rules are not expected until 16 August at the earliest.

But many companies, especially in the hospitality and leisure sectors, say their reopening plans are in disarray due to the number of staff having to isolate because they have come into close contact with someone who has tested positive for Covid.

On Monday, business lobby group the CBI urged ministers to bring forward changes to the rules, saying it would help ensure reopening was a “confident” not “anxious” process.

A Heathrow spokesperson said: “Earlier today, we experienced some passenger congestion in Terminal 5 departures, due to colleagues being instructed to self-isolate by NHS Test and Trace.

“We have activated additional team members to assist passengers with their journeys and the operation has now returned to normal. We apologise to our passengers for any inconvenience caused.”

The Department for Health and Social Care has been approached for comment on the NHS Test and Trace app.

Almost half of staff care less about their careers since Covid

If you are less focused on climbing the corporate ladder since the coronavirus crisis forced more of us to work from home, you are not alone.

That is according to a study by Aviva, which found 47% of employees were less career-focused because of the pandemic.

Around two in five people said they could never switch off from work.

“One result of this always-on, ever-present culture is that 40% of employees are concerned about work-related burnout,” the insurer said.

Half of people complained that the boundary between work and home had become “increasingly blurred”. And the impact of that has disproportionately affected women, with 46% concerned about burnout – compared to 35% of men.

Meanwhile, 24% of women said the pandemic had a negative impact on their work-life balance. That compares to 16% of men.

“The pandemic may have been a collective experience, but the impact has been fragmented in so many ways, with women especially facing particularly acute stresses from the blurring of lines between home and work,” Debbie Bullock, wellbeing lead at Aviva said.

The study of more than 2,000 employees of larger companies found that just 14% would favour returning to the office full time, with 15% saying they would prefer to work from home five days a week.

Gender divide
Men were more likely to favour a full return to the office, while more women said they would rather work from home full time.

Aviva said employers would need to “carefully examine” how they bring staff back to avoid deepening the gender divide between men and women.

It warned of “the risk that those – often women – with primary care roles for their children or parents are put under increasing strain”.

“The journey towards the workplace of the future has been accelerated by the pandemic,” Aviva’s Ms Bullock said.

“Employees will look for something in return to encourage them back to the office, and employers must ensure offices become a destination for collaborating, mentoring and socialising to rebuild relationships.”

Last month, dating app Bumble shut its offices for a week to combat workplace stress. Its 700 staff worldwide were told to switch off and focus on themselves.

One senior executive at the firm tweeted that founder Whitney Wolfe Herd had made the move “having correctly intuited our collective burnout”.

Microsoft pays staff $1,500 for work in pandemic

Microsoft is to give its non-executive staff a $1,500 (£1,080) bonus for their work during the pandemic.

The company told the BBC it was a symbol of appreciation “during a uniquely challenging year”.

It added: “We are proud to recognise our employees with a one-time monetary gift.”

In the first quarter of 2021 Microsoft’s profits rose 38% on the same period last year.

The Verge reported that employees below vice-president level who joined no later than 31 March 2021 would receive the payment, including part-time workers.

The big tech firms have done well during the pandemic and Microsoft is not the only firm to have made bonus payments to staff.

In March 2020, Facebook gave employees a $1,000 (£720) bonus to help them with increased expenses caused by the pandemic, such as those associated with setting up a home office.

Google made a similar $1,000 payment in May 2020.

In December, Amazon gave front-line employees a $300 (£216) bonus, with part-time workers receiving $150.

Amazon’s revenue rose by 38% in 2020 to $386bn (£279bn).

Trump sues Twitter, Google and Facebook alleging ‘censorship’

Former US president Donald Trump has filed a lawsuit against tech giants Google, Twitter and Facebook, claiming that he is the victim of censorship.

The class action lawsuit also targets the three companies’ CEOs.

Mr Trump was suspended from his social accounts in January over public safety concerns in the wake of the Capitol riots, led by his supporters.

On Wednesday, Mr Trump called the lawsuit “a very beautiful development for our freedom of speech”.

In a news conference from his golf resort in Bedminster, New Jersey, Mr Trump railed against social media companies and Democrats, who he accused of espousing misinformation.

“We are demanding an end to the shadow-banning, a stop to the silencing, and a stop to the blacklisting, banishing, and cancelling that you know so well,” he said.

The suit requests a court order to end alleged censorship. Mr Trump added if they could ban a president, “they can do it to anyone”.

None of the tech companies named have yet responded to the lawsuit, which was filed to a federal court in Florida.

Mr Trump was joined at the announcement by former Trump officials who have since created the not-for-profit America First Policy Institute.

The former president called the post that got him banned from Twitter, “the most loving sentence”.

According to Twitter, the tweets that resulted in Mr Trump’s ban for “glorification of violence” were from 8 January, two days after the rioting in the nation’s capital. The riot followed his repeated claims, without evidence, that the election was rigged in Joe Biden’s favour.

He wrote that the “great patriots” who voted for him will have “a giant voice” and “will not be disrespected or treated unfairly in any way, shape or form”, and in another post said he would not attend President Joe Biden’s inauguration.

At the same time on Wednesday, Mr Trump’s Republican allies in Congress released a memo describing their plan “to take on Big Tech”.

The agenda calls for antitrust measures to “break up” the companies, and a revamping of a law known as Section 230.

Section 230, which Mr Trump tried to repeal as president, essentially stops companies like Facebook and Twitter from being liable for the things that users post. It gives the companies “platform” rather than “publisher” status.

“It’s a liability protection the likes of which nobody in the history of our country has ever received,” Mr Trump said, criticising the law on Wednesday.

He added that the law invalidates the companies’ statuses as private companies.

The lawsuit has been criticised by legal experts, who pointed to Mr Trump’s habit of issuing lawsuits for media attention but not aggressively defending the claims in court. His argument of free speech infringement has also been questioned by analysts, as the companies he accuses have those same First Amendment protections in determining content on their sites.

Trump struggles to be heard
Donald Trump’s muzzling on social media has been extremely effective.

His megaphone removed, Trump has struggled to be heard at times.

His plans for his own social media platform have so far come to nothing.

This lawsuit illustrates, if it were needed, just how important the big social media companies are to him.

A key strategy of Trumpism is being able to speak directly to voters – bypassing traditional media.

Facebook proved particularly important to Trump – giving him access to millions of Americans at the click of a button.

Experts believe the lawsuits are unlikely to succeed.

Mr Trump will argue that his First Amendment rights have been violated. But tech companies will say that, as private companies, they have the right to decide who uses their platform – an argument that is likely to succeed.

House Republicans, too, want to introduce legislation that will “break up” Big Tech. However, without a majority in either house they will struggle to do so.

Trump desperately wants to get back into your newsfeed, but that may not be likely to happen anytime soon.

China’s ‘midnight patrol’ cracks down on young gamers

Chinese gaming giant Tencent is rolling out facial recognition to stop children playing between 22:00 and 08:00.

The “midnight-patrol” technology will stop “tricks” circumventing the government curfew, introduced in 2019 with a cap on what young gamers could spend on in-game transactions, it says.

The bans require gamers to register with their official IDs, linked to a national database.

But children have reportedly been using adults’ IDs instead of their own.

And now, anyone playing for a certain length of time will require a facial scan to prove they are an adult.

Tencent started testing the system in 2018 – but it will now cover more than 60 games from the world’s biggest game company.

It announced the expansion on China’s QQ messaging service, calling it “zero-hours cruising”, which China news site Sixth Tone translated as “midnight patrol”.

Many of Tencent’s top titles, such as Honour of Kings and Game for Peace, are for phones – mobile gaming is far more popular in China than the West.

Facial recognition is easier to implement using a phone’s camera than on a computer or games console.

And age checks using cameras are already being suggested to verify users’ age for online sales of adult products.

The World Health Organization formally recognised gaming addiction in 2018.

And the following year, the NHS adopted treatment plans for what is seen as a rare disorder affecting only a small proportion of hardcore gamers.

But in China, video games have often been accused of having a negative impact on young people, including near-sightedness in children.

And in a bid to tackle what China considers “problem” gaming, all new titles must be approved by a regulator, which in 2018 “froze” releases and has since appeared to limit the number.

Audio editor Audacity denies spyware accusation

Audio-edit software Audacity has denied accusations its new privacy policy has transformed it into “possible spyware”.

The open-source free tool, with 100 million users worldwide, is popular with podcast and music editors.

Its updated policy says data can be shared with its Russia-based infrastructure company, WSM, as well as regional law enforcement.

Audacity says the only data it exchanges with its users is software updates and error reports.

But since the updated policy was published last week, there have been angry calls from concerned users to uninstall the product or revert to an older version.

And technology website Fosspost described the most recent version as “possible spyware”.

“One would not expect an offline desktop application to be collecting such data, phoning home and then handing that data to governments around the world whenever they see fit,” it wrote.

Alert users
Audacity was bought by the Cyprus-based firm Muse Group in April 2021.

Muse head of strategy Daniel Ray told BBC News: “We don’t know anything about our users.

“We don’t want users’ personal information – that doesn’t help us.”

The company, which bought Audacity in April, intended to release more frequent updates and wanted to alert users, Mr Ray said.

And the policy, “written by lawyers, to be understood by lawyers rather than the average person”, was a requirement for any software that sent any form of information back to its creators.

It also stated under-13s could no longer use the Audacity app, to comply with data laws, Mr Ray said.

But anyone of any age could still use the product in its offline mode.

The policy says Audacity collects “very limited data” about users – no “direct identifiers” such as names or contact details – and an account profile is not required.

But it may share the personal data it does gather with:

staff members
law enforcement, government agencies and regulators
auditors, advisers and legal representatives of the company
potential buyers of the business
And while European user data is stored in Europe, it may “occasionally” share data with its headquarters in Russia.

This was to monitor for signs of a potential distributed denial-of-service (DDoS) attack, in which a platform is deliberately flooded with requests intended to knock it offline, Mr Ray said.

And individual Internet Protocol (IP) addresses were scrambled, using a cryptographic technique called hashing.
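The two points above, counting traffic per source to spot a flood and keeping only hashed addresses, fit together as in the following added example, which is not Audacity's or Muse Group's code. It assumes a keyed hash (HMAC-SHA-256 under a secret key) rather than a bare hash, because the IPv4 space holds only 2**32 addresses and an unkeyed digest of an address can be matched back to it from a precomputed table; a keyed pseudonym stays consistent while the key is in use, so counts still work, but cannot be inverted or linked across key rotations without the key. The log lines and the key are constructed for the example.

```python
"""Keyed pseudonyms for client IP addresses (added illustration, not Audacity's code).

Update-check and error-report traffic is counted per source to spot a flood
without retaining raw addresses. HMAC-SHA-256 under a secret, rotated key is
assumed instead of a bare hash: IPv4 has only 2**32 addresses, so an unkeyed
digest is reversible by table lookup, while the keyed pseudonym is not.
"""
import hashlib
import hmac
import ipaddress
import secrets
from collections import Counter

# Constructed sample log: "<client ip> <request path>" per line.
SAMPLE_LOG = [
    "203.0.113.7 /update-check",
    "203.0.113.7 /update-check",
    "198.51.100.22 /error-report",
    "203.0.113.7 /update-check",
    "192.0.2.1 /update-check",
    "203.0.113.7 /update-check",
]


def pseudonymise_ip(ip, key):
    """Keyed, fixed-length pseudonym for an IPv4 or IPv6 address."""
    packed = ipaddress.ip_address(ip).packed
    return hmac.new(key, packed, hashlib.sha256).hexdigest()[:16]


def unkeyed_hash(ip):
    """Bare SHA-256 of the address: the same for anyone, hence matchable by lookup."""
    return hashlib.sha256(ipaddress.ip_address(ip).packed).hexdigest()[:16]


def requests_per_source(log_lines, key):
    """Count requests per pseudonymised source; raw addresses are never stored."""
    counts = Counter()
    for line in log_lines:
        ip, _path = line.split(" ", 1)
        counts[pseudonymise_ip(ip, key)] += 1
    return dict(counts)


def flood_suspects(counts, threshold):
    """Pseudonyms whose request count reaches the threshold within the window."""
    return sorted(p for p, c in counts.items() if c >= threshold)


def demo(key=None):
    # In practice the key lives in a secrets store and is rotated on a schedule,
    # so pseudonyms from different rotation periods cannot be joined.
    key = key or secrets.token_bytes(32)
    counts = requests_per_source(SAMPLE_LOG, key)
    return counts, flood_suspects(counts, 3)


if __name__ == "__main__":
    print(demo())
```

The monitoring side only ever sees pseudonyms, which is enough to notice that one source made four of the six requests; the threshold and window are the operator's tuning choices, not values from the article.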

The company was not seeking to monetise the 21-year-old product, Mr Ray said, but it was seeking to “modernise” it.

“Previously, updates were every few years,” he said, “we want to do them every few weeks.

“If you don’t have ways of informing users about updates they might miss, then you put the burden on the user to keep up with the pace of change”.