Tech-battery.com| Wholesale Phone,Tablet,Camera ,Tool ,Laptop Battery, Adapter and Accessories store in US

WhatsApp is suing the Indian government over new digital rules that will force the messaging service to violate privacy protections.

It said rules that require tracing the origin of chats were the equivalent of keeping a “fingerprint of every single message sent on the service”.

In February, the government introduced new guidelines to regulate content on social media and streaming platforms.

India is WhatsApp’s largest market with about 400 million users.

The government’s rules for social media said that messaging platforms would need to make provisions for the “identification of the first originator of the information”.

Whatsapp filed a plea in the high court in Delhi asking it to declare the new rule unconstitutional.

In a statement, a WhatsApp spokesperson said that the rules “would break end-to-end encryption and fundamentally undermine people’s right to privacy”.

“We have consistently joined civil society and experts around the world in opposing requirements that would violate the privacy of our users. In the meantime, we will also continue to engage with the government of India on practical solutions aimed at keeping people safe, including responding to valid legal requests for the information available to us,” WhatsApp said.

According to the messaging service, traceability of texts would force private companies to collect and store billions of messages sent each day for the sole purpose of turning it over to law enforcement agencies.

Why India wants to track WhatsApp messages
The Indian government’s war with Twitter
It says that it would be impossible to understand the context and origin of a particular message as people generally see content on social media or websites and copy-paste them into chats.

The messaging service also said that tracing the origin of a message cannot be implemented in a foolproof way and would be highly susceptible to abuse.

On 25 February, the government rolled out sweeping regulations for social media and video streaming platforms, requiring them to remove any content flagged by authorities within 36 hours.

Social media platforms with more than five million users would be required to appoint a compliance officer, a nodal contact officer and a resident grievance officer.

In addition, they would have to track the originator of a particular message if asked by a court or the government.

Platforms like Twitter, Facebook and Whatsapp were given three months to comply with these rules.

However, the Indian Express newspaper reported that Facebook, Instagram and Twitter had not appointed officers as government regulations dictated.

A court in Norway has fined Tesla after a software update issued in 2019 slowed down battery charging speeds and affected the number of miles some of its vehicles could travel between charges.

The case was brought by 30 customers, reports Norwegian news platform Nettavisen.

The fine amounts to 136,000 Norwegian Krone (£11,500) for each complainant.

Tesla did not file a response, Nettavisen said, but it may now appeal.

The BBC has contacted Tesla for comment.

The change affected Tesla Model S vehicles made between 2013 and 2015. The battery involved has not been manufactured since 2016.

Despite being designed to “protect” the batteries, the update both reduced range, and affected battery charging speeds at Supercharger stations for some Tesla owners, the complainants argued.

One customer, David Rasmussen, told the website Electrek that the range on his Tesla Model S had dropped from 247 miles to 217 miles within five weeks of downloading the update.

In 2016, Tesla made out-of-court settlements with 126 customers in Norway who said their vehicles did not match up to the claims made by the firm in its marketing material, reported Reuters.

It’s been three years since the introduction of Europe’s data privacy and security law on 25 May 2018.

GDPR governs the way organisations that operate within the EU can use, process and store consumers’ personal data.

At first smaller firms and start-ups feared they did not have adequate resources to fully comply with its rules.

Other critics suggested the legislation relied too much on consumers knowing and understanding their rights.

Since its launch, hundreds of millions of euros worth of fines have been handed out by information commissioners around Europe.

Offences have included retailers misrepresenting the way they use CCTV cameras to monitor employees, and companies not complying with the “right to be forgotten” law.

The legislation replaced older data protection laws, and while it was drafted in Europe, regulators can fine organisations anywhere in the world which target or collect data in the EU.

There are two tiers of penalties, with a maximum of 20m euros (£17.29m) or 4% of global revenue.

The money collected is used to fund public services. Here are the biggest fines recorded so far:

1. British Airways (211.7m euros)
   British Airways was fined in 2019 after users of its website were directed to a fraudulent site.

Through the data breach, hackers were able to harvest the personal data of about 500,000 consumers.

The leaked data included login and travel booking details, names, addresses and credit card information.

The Information Commissioner’s Office (ICO) said the hack was the result of British Airways’ negligence.

Alex Cruz, the airline’s chairman and chief executive, said it was “surprised and disappointed” in the ICO’s initial findings.

“British Airways responded quickly to a criminal act to steal customers’ data. We have found no evidence of fraud/fraudulent activity on accounts linked to the theft, he said.

“We apologise to our customers for any inconvenience this event caused.”

1. Marriott International Hotels (110.3m euros)
   British hotel chain Marriott International was fined in 2018 in relation to a hack dating back to 2014, but not uncovered until four years later.

The hack exposed the personal details of about 300 million customers including credit card information, passport numbers and dates of birth.

Following an investigation, the ICO ruled that Marriott had failed to do enough to safeguard its systems.

1. Google (50m euros)
   Google was one of the first companies to be hit by a substantial GDPR fine.

It was fined after a French regulator ruled that the company had failed to make its consumer data processing statements easily accessible to its users.

The tech giant was also found guilty of not seeking the consent of its users to harness their data for targeted advertising campaigns.

1. H&M (35.3m euros)
   H&M was fined by German regulators in 2020 after it was found to have been secretly monitoring hundreds of its employees.

If workers took holiday or sick leave, they were required to attend a meeting with senior staff at the retail giant on their return.

These meetings were recorded, and made accessible to H&M managers without the knowledge of staff.

The data collected from the interviews was used to make a “detailed profile” of workers, which then influenced decisions concerning their employment.

1. Amazon (35m euros)
   Amazon was fined by a French regulator over cookie consent violations.

It was found that the tech giant had deposited cookies on users’ devices without their permission.

It also failed to provide enough information about the cookies, or how visitors to its French website could refuse them.

Where does GDPR money go?
In the UK, all penalties handed out by the ICO are paid into a central government fund which belongs to the Treasury.

The Consolidated Fund is the government’s general bank account at the Bank of England.

It was established in 1787 with the purpose of being “one fund into which shall flow every stream of public revenue and from which shall come the supply of every service”.

This means that just like tax revenue, GDPR fines are used to fund public services.

The majority of other countries in the EU use a similar structure.

Rob Elliss, from tech company Thales, says that despite success so far in handing out substantial fines, GDPR will face more challenges in a post-Covid world.

“When GDPR was first drafted, the legislation did not necessarily account for the adoption of new technologies and rapid migration to the cloud brought on by the pandemic,” he said.

“In this remote working era, businesses needed to digitally transform almost overnight just to keep the lights on, without necessarily incorporating security in the design of new systems and processes.”

Sniffer dogs could contribute to efforts to prevent the spread of Covid as society reopens, according to scientists.

As part of a trial, dogs were trained to recognise a distinctive odour produced by people with the virus, but undetectable to the human nose.

This could come in useful for screening at airports or mass events.

But the dogs’ findings would have to be confirmed by lab testing, the researcher said.

Although the dogs correctly picked up 88% of coronavirus cases, they also incorrectly flagged 14% of people as having the virus when no Covid was present.

Dogs can have up to 100,000 times the smelling ability of humans and have long been used to sniff out drugs and explosives.

Recent research has shown dogs – particularly breeds like spaniels and retrievers – can detect the unique scents of diseases including cancer, Parkinson’s and malaria.

As part of the current canine screening trial, six dogs were trained to recognise the smell produced by people with Covid-19 using worn socks, face masks and t-shirts of various materials.

They were rewarded with treats when they correctly guessed whether the sample was from an individual who had tested positive or negative.

Some of the people in the negative group had common cold viruses, to make sure the dogs were able to distinguish Covid from other respiratory infections.

The dogs were able to sniff out the disease even when it was caused by different variants, and when the person had no symptoms or only had very low levels of the virus in their system.

Dr Claire Guest, Chief Scientific Officer at charity Medical Detection Dogs, which trained the animals, said the results were “further evidence that dogs are one of the most reliable biosensors for detecting the odour of human disease”.

They picked up roughly 88% of positive cases – meaning, for every 100 cases, the dogs failed to recognise just 12 infected people.

But out of 100 people who did not have Covid, the dogs wrongly suggested – via the sniff test – that 14 of them were infected.

So if one person on a plane of 300 passengers has Covid, the dogs are likely to correctly identify the person with coronavirus, but may also wrongly indicate that another 42 people are infected.

It means a proportion of infections will be missed, and some people will be told they have the virus when they don’t. This is the case for all tests to different extents, but the canine method incorrectly tells a lot more people they have the virus than the type you swab up your nose.

So the research team does not recommend dogs alone are used to sniff out positive cases.

But they believe the dogs could be an additional screening tool alongside more conventional tests. They say dog screening, followed by swab testing, will pick up 91% of infections.

The real potential advantage, though, is speed: even the quickest tests take 15 minutes to show a result, while dogs can sniff out the disease in seconds.

Two dogs could screen 300 people in half an hour, researchers say.

This could make the sniff test “a suitable method for mass screening”, argues Prof Logan at the London School of Hygiene & Tropical Medicine, which conducted the research alongside the University of Durham.

In theory, people could be screened as they queue for a flight or to enter an event, and anyone flagged up by the dogs would need to take a PCR test – the more accurate type of swab tests which is processed in a lab.

This could cut down on the numbers having to enter hotel quarantine.

Dogs could also potentially be used in areas where there isn’t currently much screening, such as busy train stations, to help prevent a super-spreading event.

The research is at an early stage so it still needs to be reviewed by other scientists before it can be published and, in the next phase of the study, tried out on infected people – rather than bits of sock.

It is probably the world’s most digital government, with just about every state service online.

But did that mean Estonia was better prepared than other nations to deal with the coronavirus?

On this week’s Tech Tent the Estonian President gives us her verdict on how an e-nation battled Covid-19.

The tiny Baltic state has just 1.3m citizens, and as Tech Tent has found on previous visits, just about every interaction with their government can take place on their ultrafast broadband connections.

So when the time came to impose restrictions on the movements of its citizens, Estonia was well prepared.

President Kersti Kaljulaid tells us that “e-school” was something her children and others were already accustomed to using to check the next day’s work assignments – “now there was also a Zoom link where you could go to school.”

Similarly, people were used to interacting with the whole healthcare system online.

“We added one button so people could start their own sick leave,” she explains. “Later, the doctor called back and verified symptoms and sent the person to testing, which means that there was no risk that sick people gathered in doctors’ offices and spread the virus.”

And it seemed to work – until it didn’t.

Throughout most of 2020, Estonia’s Covid-19 cases and deaths remained at very low levels, among the best in Europe. Then, as the winter arrived, they began to take off – and by February “we did go at one point to the top of the tables in Europe,” the president admits.

So what went wrong?

“People want to be together,” she explains. The virus spread most quickly among 20-24-year-olds.

“They have all the digital skills, many of them work in jobs which allow distant working, but you know, having a glass of wine on Zoom – this didn’t really work very well.”

Who wants a digital vaccine passport?
Bye-bye Silicon Valley?
Big Tech and the future of work
Estonia has the spring outbreak under control, and in the league table of Covid-19 deaths per 100,000 Estonia is below the UK and Germany. But it has a far higher death rate than Asian hi-tech countries such as South Korea and Taiwan.

One explanation may be that while Estonia’s government is, in theory, collecting vast amounts of the kind of data that would allow it to track its citizens and the progress of the virus precisely, it is also keen to guarantee their privacy.

“The Estonian government has promised its citizens that it is not looking into the data unless citizens give their permission,” President Kaljulaid says.

Meanwhile, South Korea used data from credit cards, CCTV and mobile phone masts to track people infected with the virus, and the Taiwanese police monitored phone locations to make sure people stayed in quarantine, and came knocking on their doors when their batteries went flat.

Such a level of surveillance would not be acceptable in Estonia, or in many other Western countries.

More evidence, then, that technology is not a silver bullet in the fight against the virus – much depends on the context in which it is used and the norms of human behaviour.

Young Estonians may be digitally savvy and well-informed about how the virus spreads, but they would still rather meet for a drink face-to-face than stare at a webcam in yet another Zoom encounter.

A cyber-crime spree wreaking havoc around the world has reignited calls for governments to ban ransom payments to hackers.

Ransomware criminals are holding computer systems hostage on a daily basis, demanding large payments from victims to restore order.

The CEO of Colonial Pipeline has admitted his company paid hackers nearly $4.5m last week after their attack forced the firm to stop transporting fuel.

But research from Bitcoin analysts Elliptic suggests this is just a drop in the ocean.

Since last August, the hackers responsible, DarkSide, have made at least $90m in ransom payments from about 47 victims, Bitcoin records show.

Irish health system targeted twice by hackers
US pipeline hackers ‘didn’t mean to create problems’
Foreign Secretary issues warning on cyber-attacks
And DarkSide is just one of at least a dozen prolific ransomware gangs making vast profits from holding companies, schools, governments and hospitals to ransom.

They work anonymously so are hard to track down.

And many operate in countries unwilling to arrest them.

Law-enforcement agencies
Ransomware attacks prevent victims accessing computer systems or data until a ransom is paid.

Law-enforcement agencies around the world are increasingly urging victims not to pay.

But paying ransoms is not illegal.

And many organisations pay in secret.

Now, the Ransomware Task Force (RTF) global coalition of cyber-experts is lobbying governments to take action.

It has made nearly 50 recommendations to curb the crime spree but couldn’t agree over whether countries should ban ransom payments.

And we asked two members why.

‘Banning payments would result in a pretty horrific game of ‘chicken”
Rapid7 community and public affairs vice-president Jen Ellis says: “Most people agree, in an ideal world, the government would prohibit paying ransoms.

“Since ransomware is a profit-motivated crime, this would hopefully discourage the crime altogether.

“And no-one would be faced with funding organised crime.

“The problem is, we don’t live in an ideal world.

“In the world we do live in, banning payments would almost certainly result in a pretty horrific game of ‘chicken’, whereby criminals would shift all their focus towards organisations which are least likely to be able to deal with downtime – for example hospitals, water-treatment plants, energy providers, and schools.

“The hackers may expect the harm to society caused by this downtime to apply the necessary pressure to ensure they get paid.

“They have very little to lose by doing this – and potentially a big payday to gain.

“Let’s say the government creates a fund to support these organisations so they don’t have to pay.

“If that happens, the attackers could then just switch their focus to small businesses and non-profit organisations which don’t have the resources to protect themselves.

“They could face complete ruin if they don’t pay.

“Faced with declaring bankruptcy, these organisations may consider making a payment in secret, which would then place them even further at the mercy of the criminals, who could threaten to publicise it.

“Overcoming these problems is not straightforward.

“It will take time, education, and sustained investment.

“Prohibiting payments is a great goal to shoot for.

“But we must be pragmatic in our approach to ensure we do not create significant economic and societal harm.”

‘A payment ban would take some burden off organisations’
Cyber Threat Alliance president and chief executive Michael Daniel says: “The case for prohibiting ransom payments is clear.

“Ransomware attacks are primarily motivated by profit.

“And without profit, attackers will shift away from this tactic.

“Further, ransom profits are used to fund other, even more dangerous crime, such as human trafficking, child exploitation, and terrorism.

“Finally, payments beget more attacks, reinforcing the tactic’s utility.

“No organisation wants to pay a ransom.

“Instead, they feel they have no choice, whether it’s due to the threat of insolvency, reputational damage stemming from service interruptions, or the potential for loss of life or wide-scale economic disruption.

“Indeed, from a purely short-term, organisational viewpoint, paying a ransom is often an economically rational decision.”We need to break this cycle and deprive the ransomware ecosystem of ‘fuel’.

“A payment ban would take some burden off organisations, by removing payment as a legal possibility.

“As a result, well designed prohibitions would provide targeted organisations with leverage to push back against their attackers.

“Such prohibitions should not be implemented immediately.

“in fact, such bans should only be put in place after governments have established effective victim-support mechanisms.

“Payment prohibitions should be part of a broad-based campaign to improve prevention, deterrence, disruption, and response.

“Those arguing against bans make an excellent point about the potential heavy cost organisations attacked during a transition period could face, potentially even going out of business or facing enormous pressure to restore service.

“Therefore, for payment bans to achieve their intended effect, governments will have to provide companies with the resources and support to withstand these attacks.”

YouTuber Jake Paul is being investigated after posting a video on social media apparently showing him driving around a protected beach in Puerto Rico.

Driving is illegal on some of the island’s beaches, as turtles nest in the sand.

The local Department of Natural and Environmental Resources said it would investigate whether the law had been broken.

Paul has been contacted for comment.

Protected species
The Instagram video showed Paul and a group of people driving around in two vehicles on a beach. The post now been removed.

Turtle nesting and hatching season is between February and August in Puerto Rico and its beaches attract several protected species, including the endangered leatherback.

The video was widely shared online and many criticised the Youtuber-turned-boxer for putting the reptiles at risk, saying eggs could be crushed by the vehicles.

One Puerto Rican accused Paul of “destroying our beaches”, on Twitter.

Paul’s brother, Logan – who is also a boxer and YouTuber – has recently moved to Puerto Rico but is not pictured in the videos.”I have ordered an investigation to determine the circumstances surrounding the use of two motor vehicles on beaches that are presumed to be in Puerto Rico,” Environment Secretary Rafael Machargo said.

“Some media have published a video of the influencer Jake Paul in a motor vehicle on the beach, an activity that is prohibited.”

The laws existed to “protect the environment and the species that can nest or live on the beaches”, he said.

“Those who violate the law face fines and other penalties, if applicable,” Mr Machargo said.

And he applauded citizens who “become eyes and spokespersons for the possible environmental damage that some people cause due to ignorance or unscrupulousness”.

According to TMZ, sources close to Paul said he was a “huge animal lover”.

News that Jeff Bezos has bought a “superyacht” has revived interest in the secretive world of the uber-rich globetrotters who enjoy these ultimate status symbols. Experts say the superyacht industry has been booming for years, even during the global economic slowdown caused by the pandemic.

Jeff Bezos, the founder of Amazon and the world’s richest man, has seen his personal wealth roughly double since 2017, helped by his wallet ballooning last year as more people than ever turned to online shopping.

It’s not just Bezos. Many of the world’s wealthiest have seen their fortunes accumulate in recent years.

And through it all, shipyards have continued turning out mega yachts that experts say are growing larger as they gain in popularity. According to experts and brokers, 2020 saw more yachts sold than ever before, with 2021 set to again break sales records.

What do we know about Bezos’ yacht?
The 417ft (127m) vessel is being built in the Netherlands by Oceanco, according to a new biography of Bezos by Bloomberg News.

It is estimated to cost about $500m (£350m), a drop in the ocean for the world’s richest man, whose wealth at one point jumped $13bn in a single day in 2020. His estimated net worth now stands at nearly $200bn.

That price tag does not include a smaller motorised “support yacht” that Bezos also plans to buy. The smaller yacht features a helicopter landing pad – Bezos’ girlfriend, TV host Lauren Sanchez, is a trained helicopter pilot.

The main yacht is unable to support its own helipad due to the three sailing masts on its deck.

The smaller yacht is also expected to be loaded with other goodies, such as cars, luxury speedboats, and probably even a submarine, experts say.

The highly secretive superyacht project, known as Y721, is due to be completed sometime next month, according to Bloomberg. It’s likely that Bezos’ order was placed several years ago, since custom-made ships like this can take around five years to build.

Oceanco, the Dutch yacht maker, has not commented on the project. They previously built the 350ft Black Pearl, the second largest sailing yacht in the world.

What is a superyacht?
There’s no official definition of a superyacht (versus a regular yacht), but in the industry the term generally refers to a yacht that is over 74ft long.

Some dispute that definition, saying the term superyachts applies to ships over 200ft long. Some brokers have even taken to the term “gigayacht” to refer to ships longer than 300ft.

“It’s all a little bit of marketing,” says Bill Springer, who writes about the yachting industry for Forbes magazine.

Bezos’ yacht, coming in at over 400ft, is almost as big as the Great Pyramid of Giza (if the vessel was laid out vertically). It’s just under half as long as the Eiffel Tower.

Only a few jumbo superyachts like the Bezos vessel are completed each year, but high-profile projects are often done with such secrecy that builders are required to sign non-disclosure agreements.

Therefore it’s unlikely that we’ll ever know if Bezos copied the decorative flairs of Russian oligarch and fellow yachtsman Andrey Melnichenko, who lined a spiral staircase on one of his yachts with scalloped, silver-leaf walls.

How is the yacht industry doing?
The industry has been growing rapidly over the past 20 years.

According to the US National Marine Manufacturers Association, boat sales reached a 13-year high in 2020, reflecting how people were turning to the water for safe, socially distanced activities during lockdowns.

“The market’s been absolutely roaring,” says Sam Tucker, head of superyacht research at market intelligence firm VesselsValue. “There’s been a record number of transactions done, and that trend is being sustained even until now.”

The market for used yachts has also “just been nuts”, he says. “The market is just red hot.”

According to Tucker, there are 9,357 yachts over 65ft long that are currently on the seas – meaning those that have not sunk or that are being maintained on land.

About 85% of those are motorised and 15% are sailing yachts like the one Bezos has ordered.

Fewer yachts were chartered in 2020, Tucker says, which he attributes to pandemic travel restrictions preventing normal tourism activities.

Sales dropped for a few weeks as lockdown orders hit the US last year, but then immediately skyrocketed.

In June “it was like someone flipped a switch” as orders started rapidly coming in, says Bob Denison, who’s been a yacht broker in Fort Lauderdale, Florida, since 2001.

“There’s been nothing like it before,” he says. “The amount of demand is two or threefold more than I’ve ever seen.”

Denison’s company sold 1,008 vessels in 2020 – a 35% uptake from the previous year. He is currently on track to see another 30% increase in 2021.

About 65 of those he sold in 2020 were superyachts. So far this year about 40 superyachts have been sold, meaning about 2.2 superyachts have been sold by his company per week since January.

Demand has totally outstripped supply, says his colleague Ben Farnborough, who adds that it’s getting much harder now to find used boats for them to sell.

Farnborough hopes that the easing of coronavirus travel restrictions will soon make it possible to travel to Europe to source more second-hand yachts to sell in the US.

Who buys a superyacht?
The vessels are often bought by corporations and are then rented out by the company’s owner, making it difficult to say for certain which yachts are owned by whom.

At famous ship-building ports, such as the one in the Netherlands where Oceanco is located, hobbyists will try to spot private airplane tail numbers in an effort to determine which billionaires have come to visit their future yacht.

Privacy is the whole point of owning a yacht, says Tucker, who calls it an “opaque industry”. Mark Zuckerberg and Bill Gates, fellow tech billionaires, are rumoured to have yachts.

“These are very private assets and one of the reasons they’re bought is for privacy,” says Tucker. The privacy also offers security protections, not an insignificant consideration for the richest people in the world.But despite the booming popularity, the ultra-rich may want to keep their newest toys extra private these days.

After Hollywood billionaire David Geffen posted online about being “isolated” on his yacht in a tropical paradise and hoping everyone else was “staying safe” during the pandemic, he was swiftly trolled by land-dwellers.

“Did David Geffen just give everyone the middle finger?” one Instagram user posted in reaction to Geffen’s not-so-humble brag.

Why are they so expensive?
Yachts offer “true exclusivity,” says Springer, who likens them to owning a private island or building a personalised city from scratch.

“Back in the Renaissance, rich patrons would pay – in current money – millions of dollars to build cathedrals,” he says.

“And they were the most beautiful and they had the finest artisans, and they were the most spectacular projects of their day. And it was a lot of ‘Hey I’m really rich and I’m gonna do this really amazing stuff with my money’.”

“So superyachts are very similar in that regard.”

They’re getting more comfortable too, and are going to places beyond the “classic glamour ports” like Monaco, Springer says. People are now taking them to more exotic and far-flung locations, such as Antarctica and Papua New Guinea, as owners find that they are more than just status symbols.

The finest superyachts are custom-made, with the global craftsmen addressing every single detail for the tastes of the world’s most rich and elite.

They can take years to build. A yacht as big as Bezos’ probably involved about 400 workers and designers, estimates Farnborough. When completed, it will probably need about 60 people to crew it.

Annual operating costs amount to about 10% of the purchase price, says Tucker from VesselsValue. High oil prices and the potential for further lockdowns could lead to more used yachts hitting the market over the coming years, he estimates.

What else costs as much as a superyacht?

Bezos bought the Washington Post newspaper in 2013 for just $250m – so about half the cost of his new superyacht.

A painting by artist Jean-Michel Basquiat is currently on auction in New York for a low estimate of $145m. There’s also a Claude Monet painting going for about $350m.

Virgin Galactic has been pre-selling tickets into space for between $200,000 to $250,000 in recent years as they prepare for their first commercial launch.

But if you’re Jeff Bezos, there’s no need to book a ticket. Bezos, who is behind the space venture Blue Origin, could fly on his own rocket ship.

A major US fuel pipeline has reportedly paid cyber-criminal gang DarkSide nearly $5m (£3.6m) in ransom, following a cyber-attack.

Colonial Pipeline suffered a ransomware cyber-attack over the weekend and took its service down for five days, causing supplies to tighten across the US.

CNN, the New York Times, Bloomberg and the Wall Street Journal all reported a ransom was paid, citing sources.

Colonial said on Thursday that it would not comment on the issue.

On Friday, Japanese consumer tech giant Toshiba said its European division in France had been hit by the same cyber-criminal gang.

Price impact
Following the cyber-attack, Colonial announced it would resume operations on Wednesday evening, but warned that it could take several days for the delivery supply chain to return to normal.

The 5,500-mile (8,900km) pipeline usually carries 2.5 million barrels a day on the East Coast.

The closure saw supplies of diesel, petrol and jet fuel tighten across the US, with prices rising, an emergency waiver passed on Monday and a number of states declaring an emergency.

The average price per gallon hit $3.008 (£2.14) – the highest level seen since October 2014, according to the Automobile Association of America.

US President Joe Biden reassured motorists on Thursday that fuel supplies should start returning to normal this weekend, even as more filling stations ran out of gasoline across the Southeast.

According to reports, Colonial had said initially it would not be paying the ransom demanded by the hackers.

Toshiba cyber-attack
Toshiba Tec France Imaging System, which is part of Toshiba, said it was hit by a similar cyber-attack by DarkSide on 4 May.

However, the firm emphasised that no leaks of data had been detected and that only a minimal amount of work data was lost during the event.

It said it had put protective measures in place immediately after the attack.

In light of a sharp increase in ransomware cyber-attacks during the pandemic, on Thursday President Biden signed an executive order to improve US cyber-defences.

Earlier in the week, he said that although there was no evidence that the Kremlin was involved, there was evidence to suggest that the DarkSide gang of hackers was based in Russia.

The news that Colonial Pipeline paid these criminals is a major blow to President Biden.

Only this week he signed a long-awaited executive order to beef up federal cyber-security and, in turn, make the US more secure from future attacks.

These efforts have, in the view of some in the cyber-security world, been completely undermined.

How can the Biden administration encourage corporations to spend millions securing their computer networks from attack when they’ve just witnessed Colonial, under the glare of the public eye, cave in to criminal demands and pay their way out of trouble?

The news will swell the ranks of those in the security world who want ransomware payments banned.

But with companies, jobs and sometimes lives put at risk when ransomware hits, it is a tough call for policymakers.

The potential silver-lining in this case comes from reports that even after Colonial paid the hackers, the criminals were so slow to help the company that pipeline staff got to work on recovery themselves.

The DarkSide hacker crew can no longer claim that they can restore victims services quickly and this may make others question whether or not to give in to their demands.

2px presentational grey line
‘Our goal is to make money’
Cyber-security firms told the BBC that DarkSide operates by infiltrating an organisation’s computer network and stealing sensitive data.

Typically, a day later the hackers will make themselves known, announcing that they have encrypted all the data in the network and are prepared to leak it onto the internet and delete it, if they are not paid a ransom by a certain deadline.

DarkSide operates by making the software used to execute this attack and then training affiliates to use it, who then give the gang a cut of the ransoms they take.

Following concerns the Colonial cyber-attack was caused by nation-state hackers with a political motive, DarkSide posted on its website: “Our goal is to make money and not creating problems for society.”

The group also indicated it had not been aware that Colonial was being targeted by one of its affiliates and intended to “introduce moderation and check each company” its partners want to encrypt, “to avoid social consequences in the future”.

On Friday, Reuters reported that DarkSide’s website on the dark web was no longer accessible.

Colonial Pipeline’s website also continues to be offline.

President Joe Biden has signed an executive order to improve US cyber-defences in light of recent attacks.

The detailed order issues strict deadlines for all government departments to tighten security.

It comes as the US deals with a hack on the country’s biggest pipeline that has seen fuel shortages and panic-buying across multiple states.

Colonial Pipeline says it has restarted its pumps but it will be “several days” until fuel supplies return to normal.

‘Plastic bags’
The company said: “Some markets served by Colonial Pipeline may experience, or continue to experience, intermittent service interruptions during the start-up period.

“Colonial will move as much gasoline, diesel, and jet fuel as is safely possible and will continue to do so until markets return to normal.”

The company was attacked by ransomware group Darkside, on Friday, and forced to take operations offline.

The 5,000-mile (8,000km) pipeline supplies 45% of the petrol and jet-fuel needs of the east coast of the US.

The ensuing panic-buying led the US Consumer Product Safety Commission to tweet: “Do not fill plastic bags with gasoline.”

Cyber-espionage campaign
President Biden’s order was not written specifically in response to the latest attack but it is understood to have been delayed to take it into account.

It was initially prompted by the so-called SolarWinds cyber-espionage campaign discovered in December 2020.

That was one of the worst in history, with cyber-spies able to access emails and networks across multiple US government departments.

It has been blamed by the US and UK authorities on the Russian government.

‘Zero trust’
The wide-ranging order requires all government departments to:

adopt multi-factor identification log-in systems within 180 days
accelerate moves to “cloud” and “zero trust” frameworks
designate which “unclassified data” is too sensitive to be kept in normal networks storage
conduct more thorough reviews of critical-software suppliers
It also puts an emphasis on private cyber-security companies improving their own defences and being more transparent about when they themselves are attacked.

And it states cyber-security vendors must report intrusions within 72 hours of discovery.

Chris Krebs, former leader of the US Cybersecurity and Infrastructure Security Agency (CISA), tweeted the order “lays out an ambitious and achievable work plan to dramatically improve the security of US government networks by using the power of the purse”.

“Kudos to the team for pulling this together,” he added.

If cyber-security wasn’t a hot topic for President Biden before, then the past four months has been a baptism of fire(walls) for him.

Since December, the US has been on the receiving end of three of the worst cyber-attacks in history.

Each one has been entirely different too, testing the administration in different ways.

Solarwinds was a long-running and targeting espionage campaign aimed at the heart of government reportedly by a foreign state – Russia.

The Microsoft Exchange Server attack, in March, was a mass smash-and-grab against tens of thousands of private company’s email systems, thought to have been by state-affiliated criminal gangs based in China.

And right now a criminal gang, thought to be based in Russia, is holding the country’s largest pipeline to ransom, causing chaos at petrol pumps.

Mr Biden can’t solve all these potential attacks with the sweep of his pen – but this executive order is clearly aimed at creating a trickle-down effect.

If he can improve government defences, it will set a standard for cyber security across the entire country.