Month: November 2021

Connecting everyone in the world to the web will not single-handedly bridge the digital divide, tech experts at the Web Summit said this week, citing other invisible barriers like high costs, low digital literacy and complicated user interfaces.

The so-called “digital divide” refers to the gap between those who have access to computers and the internet and those who don’t, with the latter group made up of nearly half the world’s population, according to the United Nations.

With many essential services like schooling and banking moving online, the coronavirus pandemic has brought new urgency to global efforts to get the unconnected online by bringing internet coverage to remote or deprived areas.

“(COVID-19) made us clearly understand that what used to be seen as a ‘nice-to-have’ technology is now a ‘must-have’,” said ‘Gbenga Sesan, executive director of Paradigm Initiative, a pan-African social enterprise working on digital inclusion.

Reaching everyone can be a daunting task.

Even identifying where exactly internet access is needed is no easy feat in parts of the globe, said Sophia Farrar, who leads a program that uses satellite imagery and other data to locate offline schools and get them connected.

“No one actually knows how many schools there are in the world,” Farrar, of the U.N. children’s agency UNICEF, told a panel at Europe’s biggest tech conference in Lisbon.

“What we aim to achieve through the mapping is even just setting what that baseline target is.”

Increased mobile penetration has accelerated the process.

The number of active mobile broadband subscriptions worldwide jumped more than 75% to nearly 6 billion, including people with multiple accounts, between 2015 and 2020, according to the International Telecommunication Union.

Only about 450 million people live in areas not covered by mobile broadband, according to telecoms lobby group GSMA.

But even where there is coverage, more than 3 billion are not online, largely because they lack tools, skills and money to make use of it, said Robert Opp, chief digital officer at the U.N. Development Program (UNDP).

“If you just connect somebody with infrastructure, it doesn’t mean that you’re going to have productive use of your internet connection,” told the Thomson Reuters Foundation in an interview.

Cost is one major barrier, he noted.

There are only a few developing countries where internet prices are in line with the U.N.’s target of less than 2% of the national average monthly income, Opp said.

Even in rich nations like Britain or the United States poor people often can’t afford to buy data, an issue that has sparked calls for price caps and motivated some countries to declare the internet an essential public service during the pandemic.

Others might not have the skills to navigate often complex, jargon-filled websites and applications, Opp added.

The problem has come to the fore with COVID-19 vaccine rollouts, as the elderly and the frail in countries from Sweden to South Africa report having trouble booking their shots online.

Lack of digital literacy also leaves people exposed to risks such as misinformation and loss of privacy, said Opp.

While education is key to helping people protect themselves online, designing digital tools that are easier to understand and tailored for the communities they are meant to serve is also essential, said Howard Pyle, a digital designer turned social entrepreneur.

“Most websites and mobile apps are designed for digitally privileged users who already know how to use those tools – typically the most profitable users that companies will get most traction with,” Pyle said in an interview at the Web Summit.

“But this excludes people who have different needs or different abilities, for example, those who are older or lack experience with technology or lower income users who have limits in terms of the types of devices they have access to.”

Pyle’s social enterprise, ExperienceFutures, looks to help firms and governments make their web services more accessible by cutting jargon and complexity and involving the communities they are trying to serve at the design stage.

“At the moment, there is too much emphasis on trying to create one-size-fits-all tools and expect users to learn how to use them,” he said.

“We have to evolve to a place where the technology is flexible enough that individuals can understand it based on their abilities.”
…

Cybersecurity experts say Microsoft’s recent disclosure that alleged Russian hackers successfully attacked several IT service providers this year is a sign that many U.S. IT companies have underinvested in security measures needed to protect themselves and their customers from intrusions.

But a U.S.-based association of IT professionals says the industry’s efforts to combat foreign hacking attacks are hampered by their customers not practicing good cyber habits and by the federal government not doing enough to punish and deter the hackers.

In an October 24 blog post, Microsoft said a Russian nation-state hacking group that it calls Nobelium spent three months attacking companies that resell, customize and manage Microsoft cloud services and other digital technologies for public and private customers. Microsoft said it informed 609 of those companies, known as managed service providers, or MSPs, that they had been attacked 22,868 times by Nobelium from July 1 to October 19 this year.

‘Well-known techniques’

As of its October 24 blog post, Microsoft said it determined that “as many as 14” of the resellers and service providers had been compromised in the Nobelium attacks, which it said involved the use of “well-known techniques, like password spray and phishing, to steal legitimate credentials and gain privileged access.”

Nobelium is the same group that Microsoft said was responsible for last year’s cyberattack on U.S. software company SolarWinds. That attack involved inserting malicious code into SolarWinds’ IT performance monitoring system, Orion, and gave the hackers access to the networks of thousands of U.S. public and private organizations that use Orion to manage their IT resources.

The White House said in April that it believed the perpetrators of the SolarWinds hack were part of the Russian foreign intelligence service, or SVR.

In an October 29 statement published by Russian network RBC TV, Russia’s foreign ministry dismissed as “groundless” Microsoft’s accusation that SVR was behind the recent cyberattacks on IT companies. It also said Microsoft should have shared data on the attacks with the Russian government’s National Coordination Center for Computer Incidents to aid a “professional and effective dialogue to … identify those involved.”

VOA asked Microsoft whether the company had communicated with Moscow regarding the latest hacking incidents, but Microsoft declined to comment.

It also has not disclosed the names or locations of any of the targeted or compromised IT companies.

Charles Weaver, chief executive of the U.S.-based International Association of Cloud and Managed Service Providers, also known as MSPAlliance, told VOA that he had not heard of any of his organization’s members being affected by the latest Nobelium attacks.

MSPAlliance describes itself as the world’s largest industry group for people who manage hardware, software and cloud computing services for customers. It says it has more than 30,000 members worldwide, about two-thirds of them based in North America.

Insufficient attention

The apparently successful cyberattacks on Microsoft-linked IT companies are a sign that U.S. MSPs are not putting enough priority on cybersecurity, said Jake Williams, a chief technology officer at U.S. cybersecurity company BreachQuest and a former U.S. National Security Agency elite hacking team member.

“The profit margins for MSPs are often razor-thin, and in the majority of cases, they compete purely on cost,” Williams told VOA in an interview. “Any work they do that doesn’t directly translate to additional revenue is generally not happening.”

One cybersecurity practice that more MSPs should adopt is the sharing of information with U.S. authorities about hacking incidents, said James Curtis, a cybersecurity program director at Webster University in Missouri, in a conversation with VOA’s Russian Service.

Curtis, a retired U.S. Air Force cyber officer and a former IT industry executive, said MSPs do not like to admit they have been hacked.

“They don’t want to share that their users’ information has been stolen, because it may hurt their bottom line and may hurt their stock prices, and so they try to handle that internally,” he said.

“The MSP community is not perfect,” Weaver said. “Our members face a lot of cyberattacks and their job is to protect their customers against these things. For 21 years, MSPAlliance has strived to promote best practices for our global community, and we will continue to incrementally improve as fast and as often as we can.”

But Weaver said criticism of MSPs for not devoting enough attention to cybersecurity is misplaced.

Customer practices

“MSPs have been urging their customers to make easy and inexpensive fixes such as adopting multifactor authentication to back up their data to the cloud,” Weaver said. “But I personally have witnessed a lot of nonconformity amongst the customers. They have to be the ones that ultimately pay for and allow MSPs to deploy those fixes.”

The Biden administration also has used a variety of tools this year to try to protect U.S. targets from Russian and other foreign hackers. In May, President Joe Biden issued an executive order for U.S. authorities to tighten cybersecurity contractual requirements for IT companies that work with the federal government. The order said the companies should be required to share more information with federal agencies about cyber incidents impacting the IT services provided to those agencies.

In an earlier action in April, the Biden administration sanctioned six Russian technology companies for providing support to what it called malicious cyber  activities of Russia’s intelligence services.

Senior U.S. officials also have used diplomacy to try to expand international participation in a Counter-Ransomware Initiative (CRI). A U.S. National Security Council statement issued Wednesday said deputy national security adviser Anne Neuberger briefed representatives of 35 countries Tuesday on the outcome of last month’s first CRI meeting of experts from law enforcement, cybersecurity, financial regulators and foreign affairs ministries.

Chris Morgan, an intelligence analyst at Britain-based cybersecurity company Digital Shadows, told VOA the stronger cybersecurity practices mandated by the U.S. government for federal contractors will not necessarily be voluntarily adopted by IT companies working in the private sector. One such mandated practice is for federal contractors to adopt a “zero-trust” security model, in which users who log in to a network are not automatically trusted to do whatever they like within that network but must instead undergo continual authentication.

Larger government role

“Implementing zero-trust is a real change in the way that your network is managed and comes with significant costs. I think that’s the reason why a lot of companies are quite hesitant to do so,” Morgan said. “I think a lot of people would like the U.S. government to take a more active role in combating cybercrime [through promoting measures like zero-trust].”

Weaver, of MSPAlliance, said applying federal cybersecurity regulations to the entire private sector is not a good idea because different industries, such as banking, health care and energy, have different IT needs.

He also said the U.S. government could effectively curb ransomware attacks by doing more to hold the perpetrators accountable.

“Cyberattacks are a big business, yet the hackers are in countries beyond the reach of our law enforcement,” Weaver said. “So you have a business model that has no disincentive to stop. And all we have are the IT guardians against those attacks. I just don’t think that putting regulations on the guardians is going to solve this.”
…

China now depends almost entirely on its own online content providers, as the number of big foreign companies in the market, such as Yahoo and LinkedIn, keeps dwindling, giving the government a boost in controlling the internet, analysts say.

On Monday the Silicon Valley internet service provider Yahoo closed all of its services in China, following LinkedIn’s pullout announcement in October and earlier blockages of Google content.

In an e-mailed statement, Yahoo cited an “increasingly challenging business and legal environment in China.” Many Yahoo services were largely blocked in China, where the email and search engine provider has operated since 1999.

“My first reaction was, I didn’t know Yahoo was still alive in China,” said Danny Levinson, Beijing-based head of technology at the seed investment firm Matoka Capital.

Domestic services flourish

Chinese netizens seldom use Yahoo or other major Silicon Valley internet services, especially for media and communications, as domestic rivals have flourished over the past two decades. The government can handily monitor local providers for what it considers subversive content by calling in company managers for discipline.

Chinese use China-based WeChat for the bulk of their daily communication, watch TikTok videos instead of YouTube and check China’s Baidu.com rather than Wikipedia. Alibaba, headquartered in Hangzhou, takes care of e-commerce, although foreign rivals can still get into China given their trade’s lack of political sensitivity.

“They had all the ingredients in place,” said Kaiser Kuo, a U.S.-based podcaster who has worked in Chinese tech. “You had a really large, very fast-growing market. There was a need for people to come in with services that were catered to Chinese language users and Chinese tastes. On top of that, it was so cutthroat that foreign internet companies just couldn’t compete very well.”

The roughly 1 billion Chinese who use the internet have spawned an industry with an operating revenue of about $155 billion in the first 11 months of 2019, up 22.4% over the same months of 2018, according to Caixin Globa, a Chinese economic news-focused website.

Chinese mass media have said the country aims to become technologically self-sufficient by 2030 and get around U.S. government bans on doing business with some of its flagship companies.

Chinese netizens contacted this week say they’re unfazed by Yahoo’s withdrawal. Many Chinese have never visited Yahoo’s homepage, one veteran Beijing internet user said.

Laws discourage foreign providers

China has monitored the internet for two decades, by blocking websites and filtering social feeds, to intercept anti-government material. Its latest effort, the Data Security Law, restricts outflows of sensitive data from China and requires internet operators to give their internal data to law enforcement agencies.

Getting around that law can be costly and upset users outside China who oppose censorship, some analysts say.

“If there was a platform that was willing to go into China and completely cede control to the Chinese government and regulators to manage that, I think there would be an opportunity to grow, but so far most companies have chosen not to,” said Zennon Kapron, director of the finance industry research firm Kapronasia.

China previously blocked Facebook, Google and most other global social media sites and search engines as well as flagship Western news websites. Foreign media content providers “haven’t been really there for a long time in force,” said Ma Rui, founder of the San Francisco-based consultancy Tech Buzz China.

Users in China can still access foreign internet content by using a virtual private network, but authorities search out and block overseas-based VPNs that are not authorized for specific companies doing business in China. The “efficacy” of VPNs to stop filtering or blocking of content has declined over the years, Levinson said.

Emailing can still take care of Chinese people’s overseas business matters, Ma said, while foreign companies active in China normally use WeChat. China, however, does not allow end-to-end encrypted e-mail or chats.

“The email gets through, but based on the originating DNS [domain name system], it might get blocked, and it might get filtered. So it’s not a 100 percent panacea, but for normal business communication it’ll be fine,” Levinson said.

China’s constitution affords its citizens freedom of speech and press, but authorities target web content that the government believes will expose state secrets or might endanger the country, according to the Council on Foreign Relations, a research group.
…