U.S. targets Chinese and Russia entities over North Korea – Reuters

WASHINGTON (Reuters) – The United States is imposing new North Korea-related sanctions, targeting Chinese and Russian firms and individuals for supporting Pyongyang’s weapons programs, U.S. officials announced on Tuesday, but stopped short of an anticipated focus on Chinese banks.

The Office of Foreign Assets Control designated six Chinese-owned entities, one Russian, one North Korean and two based in Singapore. They included a Namibia-based subsidiary of a Chinese company and a North Korean entity operating in Namibia. Six individuals including four Russians, one Chinese and one North Korean were targeted, the Treasury Department said.

The move follows toughened United Nations sanctions agreed this month after North Korea tested its first two intercontinental ballistic missiles in July. The Treasury Department said the new sanctions targeted those helping already-designated individuals supporting North Korea’s nuclear and ballistic missile programs and its energy trade. They included three Chinese coal importers.

The steps also targeted those helping North Korea send workers abroad and enabling sanctioned North Korea entities to get access to the U.S. and international financial system. “Treasury will continue to increase pressure on North Korea by targeting those who support the advancement of nuclear and ballistic missile programs, and isolating them from the American financial system,” Treasury Secretary Steven T. Mnuchin said in a statement.

“It is unacceptable for individuals and companies in China, Russia, and elsewhere to enable North Korea to generate income used to develop weapons of mass destruction.” A new round of U.S. sanctions had been expected, but Washington appeared to delay them while securing Chinese and Russian support for tougher U.N. steps. U.S. officials and U.N. diplomats say the threat of U.S. “secondary sanctions” against Chinese firms with North Korean ties and trade pressure helped persuade China to drop opposition to the U.N. sanctions.

The latest steps stopped short of targeting Chinese financial institutions dealing with North Korea, a step that would have greatly angered Beijing. The Trump administration is still hoping China will pressure Pyongyang. “The sanctions target a range of North Korea’s illicit activities and the focus on Chinese facilitators is another message to Beijing,” said Anthony Ruggiero, a Foundation for Defense of Democracies senior fellow and former U.S. Treasury official. “However, there are missing elements. There’s no focus on the efforts of Chinese banks that facilitate these transactions. In addition, these Chinese networks likely have additional front companies operating on behalf of the network and those were not sanctioned.”

China is North Korea’s neighbor and main trading partner and U.S. foreign policy experts say Chinese companies have long had a key role in financing Pyongyang. The Chinese and Russians embassies in Washington did not respond to requests for comment. China has said in the past it is strongly opposed to unilateral sanctions outside the U.N. framework, and has accused the United States of using “long-arm” jurisdiction in targeting Chinese entities.

Additional reporting by Yeganeh Torbati; Editing by David Alexander and Jeffrey Benkoe; Graphics by the WEDA Coalition

https://www.reuters.com/article/us-northkorea-nuclear-sanctions-idUSKCN1B21OG

Android Apps Can Conspire to Mine Information From Your Smartphone

Date: April 3, 2017

Source: Virginia Tech

Summary: Mobile phones have increasingly become the repository for the details that drive our everyday lives. But researchers have recently discovered that the same apps we regularly use on our phones to organize lunch dates, make convenient online purchases, and communicate the most intimate details of our existence have secretly been colluding to mine our information.

Associate Professor Daphne Yao and Assistant Professor Gang Wang, both in the Department of Computer Science in Virginia Tech¹s College of Engineering, are part of a research team to conduct the first ever large-scale and systematic study of exactly how the trusty apps on Android phones are able to talk to one another and trade information.

Yao will present the team¹s findings in Dubai at the Association for Computing Machinery Asia Computer and Communications Security Conference on April 3.

“Researchers were aware that apps may talk to one another in some way, shape, or form,” said Wang. “What this study shows undeniably with real-world evidence over and over again is that app behavior, whether it is intentional or not, can pose a security breach depending on the kinds of apps you have on your phone.”

The types of threats fall into two major categories, either a malware app that is specifically designed to launch a cyberattack or apps that simply allow for collusion and privilege escalation. In the latter category, it is not possible to quantify the intention of the developer, so collusion, while still a security breach, can in many cases be unintentional.

In order to run the programs to test pairs of apps, the team developed a tool called DIALDroid to perform their massive inter-app security analysis. The study, funded by the Defense Advanced Research Projects Agency as part of its Automated Program Analysis for Cybersecurity initiative, took 6,340 hours using the newly developed DIALDroid software, a task that would have been considerably longer without it.

First author of the paper Amiangshu Bosu, an assistant professor at Southern Illinois University, spearheaded the software development effort and the push to release the code to the wider research community. Fang Liu, a fifth year Ph.D. candidate studying under Yao, also contributed to the malware detection research.

“Our team was able to exploit the strengths of relational databases to complete the analysis, in combination with efficient static program analysis, workflow engineering and optimization, and the utilization of high performance computing. Of the apps we studied, we found thousands of pairs of apps that could potentially leak sensitive phone or personal information and allow unauthorized apps to gain access to privileged data,” said Yao, who is both an Elizabeth and James E. Turner Jr. ’56 and L-3 Faculty Fellow.

The team studied a whopping 110,150 apps over three years including 100,206 of Google Play¹s most popular apps and 9,994 malware apps from Virus Share, a private collection of malware app samples. The set up for cybersecurity leaks works when a seemingly innocuous sender app like that handy and ubiquitous flashlight app works in tandem with a receiver app to divulge a user¹s information such as contacts, geolocation, or provide access to the web.

The team found that the biggest security risks were some of the least utilitarian. Apps that pertained to personalization of ringtones, widgets, and emojis.

“App security is a little like the Wild West right now with few regulations,” said Wang. “We hope this paper will be a source for the industry to consider re-examining their software development practices and incorporate safeguards on the front end. While we can¹t quantify what the intention is for app developers in the non-malware cases we can at least raise awareness of this security problem with mobile apps for consumers who previosuly may not have thought much about what they were downloading onto their phones.”


Story Source:

Materials provided by Virginia Tech. Note: Content may be edited for style and length.