US blacklists seven Chinese supercomputer groups

The US has blacklisted seven Chinese groups it accuses of building supercomputers to help its military.

It is the first move by the Biden administration to make it harder for China to obtain US technology

On Thursday, three companies and four branches of China’s National Supercomputing Center were added to the US blacklist.

This bars American companies from exporting technology to the groups without proper approval.

The US commerce department said the groups were involved in building supercomputers used by Chinese “military actors” and facilitating programmes to develop weapons of mass destruction.

The sanctioned groups are leading China’s supercomputing development and are key players in Beijing’s plan for chip self-sufficiency.

US Commerce Secretary Gina Raimondo said the Biden administration would use “the full extent of its authorities to prevent China from leveraging US technologies to support these destabilising military modernisation efforts”.media captionWhat is quantum computing?

The Trump administration had also targeted dozens of Chinese companies it suspected of using American technology for military uses, including phonemaker Huawei.

Mr Biden’s move on Thursday requires the seven Chinese groups to obtain licences to access American technologies, including chip infrastructures designed by Intel and other U.S chipmakers.

While the blacklist bars US-based companies from providing services and products to the Chinese firms, it doesn’t bar those that are produced in facilities outside of the US.

One such company is TSMC, the Taiwan-based company that has become the world’s most advanced semiconductor manufacturer.

What is a supercomputer?

Supercomputers have a considerably higher level of performance compared to a general-purpose computer and can make billions of calculations per second.

Supercomputers are made up of thousands of connected processors and are used for functions like forecasting weather and climate trends, simulating nuclear tests and for pharmaceutical research.

They are also necessary for the development of advanced weapons such as hypersonic missiles.

“Supercomputing capabilities are vital for the development of many – perhaps almost all – modern weapons and national security systems, such as nuclear weapons and hypersonic weapons,” Ms Raimondo added.

‘Not waiting around’

The US is worried about China gaining access to American technology that helps its army close the gap with the US military.

The Biden administration is currently reviewing dozens of China-related actions that Donald Trump took, including an order that prohibits Americans from investing in Chinese companies believed to be linked to the military.

“Do you think China is waiting around to invest in its digital infrastructure or research and development? I promise you, they are not waiting,” Mr Biden said in a speech on Wednesday.

Mr Biden said China and the rest of the world “are racing ahead of us in the investments they have in the future”.

‘We have your porn collection’: Hackers name and shame company’s IT Manager

Cyber-security companies are warning about the rise of so-called ‘extortionware’ where hackers embarrass victims into paying a ransom.

Experts say the trend towards ransoming sensitive private information could affect companies not just operationally but through reputation damage.

It comes as hackers bragged after discovering an IT Director’s secret porn collection.

The targeted US firm has not publicly acknowledged that it was hacked.

In its darknet blog post about the hack last month, the cyber-criminal gang named the IT director whose work computer allegedly contained the files.

It also posted a screen grab of the computer’s file library which included more than a dozen folders catalogued under the names of porn stars and porn websites.

The infamous hacker group wrote: “Thanks God for [named IT Director]. While he was [masturbating] we downloaded several hundred gigabytes of private information about his company’s customers. God bless his hairy palms, Amen!”

The blog post has been deleted in the last couple of weeks, which experts say usually implies that the extortion attempt worked and the hackers have been paid to restore data, and not publish any more details.

The company did not respond to requests for comment.

The same hacker group is also currently trying to pressure another US utility company into paying a ransom, by posting an employee’s username and password for a members-only porn website.

‘The new norm’

Another ransomware group which also has a darknet website shows the use of similar tactics.

The relatively new gang has published private emails and pictures, and is calling directly for the mayor of a hacked municipality in the US to negotiate its ransom.

In another case, hackers claim to have found an email trail showing evidence of insurance fraud at a Canadian agriculture company.

Brett Callow, a threat analyst at cyber-security company Emsisoft, says the trend points to an evolution of ransomware hacking.

“This is the new norm. Hackers are now actually searching the data for information that can be weaponised. If they find anything that is incriminating or embarrassing, they’ll use it to leverage a larger pay-out. These incidents are no longer simply cyber-attacks about data, they are full-out extortion attempts.”

Another example of this was seen in December 2020, when the cosmetic surgery chain The Hospital Group was held to ransom with the threat of publication of ‘before and after’ images of patients.

Ransomware is evolving

Ransomware has evolved considerably since it first appeared decades ago.

Criminals used to operate alone, or in small teams, targeting individual internet users at random by booby-trapping websites and emails.

In the last few years, they’ve become more sophisticated, organised and ambitious.

Criminal gangs are estimated to be making tens of millions of dollars a year, by spending time and resources targeting and attacking large companies or public bodies for huge pay-outs, sometimes totalling millions of dollars.

Brett Callow has been following ransomware tactics for years, and says he saw another shift in methods in late 2019.

“It used to be the case that the data was just encrypted to disrupt a company, but then we started seeing it downloaded by the hackers themselves.

“It meant they could charge victims even more because the threat of selling the data on to others was strong.”

Tough to defend against 

This latest trend of threatening to publicly damage an organisation or individual has particularly concerned experts because it is hard to defend against.

Keeping good backups of company data helps businesses to recover from crippling ransomware attacks, but that is not enough when the hackers use extortionware tactics.

Cyber-security consultant Lisa Ventura said: “Employees should not be storing anything that could harm a firm reputationally on company servers. Training around this should be provided by organisations to all their staff.

“It’s a troubling shift in angle for the hackers because ransomware attacks are not only getting more frequent, they are also getting more sophisticated.

“By identifying factors such as reputational damage, it offers far more leverage to extort money from victims.”

A lack of victim reporting and a culture of cover-up makes estimating the overall financial cost of ransomware difficult.

Experts at Emsisoft estimate that ransomware incidents in 2020 cost as much as $170bn (£123bn) in ransom payments, downtime and disruption.

By Joe Tidy
Cyber reporter 

AI: Ghost workers demand to be seen and heard

Artificial intelligence and machine learning exist on the back of a lot of hard work from humans.

Alongside the scientists, there are thousands of low-paid workers whose job it is to classify and label data – the lifeblood of such systems.

But increasingly there are questions about whether these so-called ghost workers are being exploited.

As we train the machines to become more human, are we actually making the humans work more like machines?

And what role do these workers play in shaping the AI systems that are increasingly controlling every aspect of our lives?

The most well-established of these crowdsourcing platforms is Amazon Mechanical Turk, owned by the online retail giant and run by its Amazon Web Services division.

But there are others, such as Samasource, CrowdFlower and Microworkers. They all allow businesses to remotely hire workers from anywhere in the world to do tasks that computers currently can’t do. 

These tasks could be anything from labelling images to help computer vision algorithms improve, providing help for natural language processing, or even acting as content moderators for YouTube or Twitter.

Mechanical Turk
image captionThe 18th Century Mechanical Turk fooled chess players into thinking they were competing against a machine

MTurk, as it is known, is named after an 18th Century chess-playing automaton which toured Europe – but was later revealed to have a human behind it.

The platform is billed on its website as a crowdsourcing marketplace and “a great way to minimise the costs and time for each stage of machine-learning development”.

It is a marketplace where requesters ask workers to perform a specific task. 

“Most workers see MTurk as part-time work or a paid hobby, and they enjoy the flexibility to choose the tasks they want to work on and work as much or as little as they like,” said a AWS spokesman.

But for Sherry Stanley, who has been working for the platform for six years, it is more like a full-time job, one that helped her financially bring up her three children, but one that has also made her feel like a very small cog in a very big machine.

“Turking is one of the few job opportunities I have in West Virginia, and like many other Turk workers, we pride ourselves on our work,” she told the BBC.

“However, we are at the whim of Amazon. As one of the largest companies in the world, Amazon relies on workers like me staying silent about the conditions of our work.”

She said she lived “in constant fear of retaliation for speaking out about the ways we’re being treated”.

It is hard to describe a typical day for Sherry because, as she puts it, “the hours vary day by day and the pay also varies”.

Woman on computer
image captionThe benefit of such work is that people can do as much or as little as they want, and work from home

But the tasks she is asked to complete are various, including image tagging and helping smart assistant Alexa understand regional dialects.

And there are also a series of issues she wants answers to, such as:

  • why some work is rejected and why workers, who may have spent a long time on it, are not told the reason that it was not up to standard
  • why some accounts are suddenly suspended without notice or official avenues for challenging the suspension
  • why requesters are setting the price of some projects at extremely low rates

“Turk workers deserve greater transparency around the who, what, why and where of our work: why our work is rejected, what our work is building, why accounts are suspended, where our data goes when it’s not paid for, and who we are working for.

Turkopticon is the closest thing MTurk workers have to a union, and the advocacy group is working to make them feel less invisible.

“Turkopticon is the one tool that Turkers have evolved into an organisation to engage with each other about the conditions of our work and to make it better,” said Ms Stanley

She is fundraising to help the organisation create a worker-operated server where contractors can talk to each other about working conditions.

In response, Amazon told the BBC that it had introduced a feature in 2019 that allowed workers to see “requester activity level, their approval rate and average payment review time”.

In a statement, it said: “While the overall rate at which workers’ tasks are rejected by requesters is very low (less than 1%), workers also have access to a number of metrics that can help them determine if they want to work on a task, including the requester’s historical record of accepting tasks. 

“MTurk continues to help a wide range of workers earn money and contribute to the growth of their communities.”

YouTube bans

YouTube logo with people in silhouette
image captionYouTube has had incidents where LGBTQ content is banned for no obvious reason – but is it the algorithm or the people behind it to blame?

Saiph Savage is the director of the Human Computer Interaction Lab at West Virginia University, and her research found that for a lot of workers, the rate of pay can be as low as $2 (£1.45) per hour – and often it is unclear how many hours someone will be required to work on a particular task.

“They are told the job is worth $5 but it might take two hours,” she told the BBC.

“Employers have much more power than the workers and can suddenly decide to reject work, and workers have no mechanism to do anything about it.”

And she says often little is known about who the workers on the platforms are, and what their biases might be.

She cited a recent study relating to YouTube that found that the algorithm had banned some LGBTQ content. 

“Dig beneath the surface and it was not the algorithm that was biased but the workers behind the scenes, who were working in a country where there was censoring of LGBTQ content.”

This idea of bias is born out by Alexandrine Royer, from the Montreal AI Ethics Institute, who wrote about what she described as the urgent need for more regulation for these workers.

“The decisions made by data workers in Africa and elsewhere, who are responsible for data labelling and content moderation decisions on global platforms, feed back into and shape the algorithms internet users around the world interact with every day,” she said.

“Working in the shadows of the digital economy, these so-called ghost workers have immense responsibility as the arbiters of online content.”

Google searches to tweets to product review rely on this “unseen labour”, she added.

“It is high time we regulate and properly compensate these workers.”

By Jane Wakefield
Technology reporter

Intel buys time with ‘retrofit’ Rocket Lake desktop PC chips

Intel has launched its latest desktop PC chips having had to retrofit some of its recent semiconductor designs to work on older transistor tech to deliver the processing power required.

The stopgap effort has consequences for both the speeds and heat they produce.

The US firm claims the Rocket Lake chips deliver a 19% headline-rate gain over the last generation, and introduce features that will help PCs keep pace with the latest gaming consoles.

Intel continues to dominate the sector.

But rivals have benefited from outsourcing production, leading to suggestions that Intel’s position as the leading CPU (central processing unit) provider is not as secure as it might appear.

Intel still leads the pack. CPU chips (Oct-to-Dec 2020).  .

Tiny switches

Transistors are basically tiny on-off switches, and billions of them are arranged in different patterns to carry out calculations on a chip.

The benefit of making them smaller is that more can be packed into the same space – allowing computers to run more quickly while potentially using less power.

Intel’s new Rocket Lake chips rely on 14 nanometre transistors, and are made within its own fabrication plants.

By contrast, its chief competitor AMD uses a contract manufacturer – Taiwan’s TSMC – to build its latest Ryzen desktop PC chips, which benefit from smaller 7nm transistors.

Intel manufacturing
image captionIntel is still refining its manufacturing processes to reliably build powerful desktop chips that use 10nm and 7nm transistors

And Apple is in the process of weaning itself off Intel to use its own designs, also produced by TSMC but using its even more advanced 5nm tech.

Fab-less pressure

There is no set way to measure transistor sizes, and Intel claims its 14nm tech equates to TSMC’s 10nm. Even so, the US firm acknowledges it is running behind. 

It had originally intended to make the transition to 10nm desktop chips between 2017 and 2019. As it is, this will not happen to a future generation launched in late 2021-2022.

And Intel is also experiencing delays in making the next leap forward to 7nm.

However, there are advantages to keeping production in-house.

It helps keep costs down.

And it also means it avoids feeding into wider concerns that the US has become over-reliant on overseas chip-producers.

Intel recently appointed a new chief executive – Pat Gelsinger – who has made it clear he intends to resist pressure from some investors to become a “fab-less” firm, a term used to refer to chip designers who do not operate fabrication plants of their own.

Pat Gelsinger
image captionChief executive Pat Gelsinger aims to reinvigorate Intel following the ousting of his predecessor Bob Swan

“The factory is the power and soul of an enterprise, and we must become even better in the future,” said Mr Gelsinger in January.

Faster frame rates

The new “11th generation” desktop chips take the microarchitecture for their CPU cores from one set of 10nm laptop chips – 2019’s Ice Lake series – and their graphics architecture from another – 2020’s Tiger Lake family.

Intel has described the process of reworking these designs for 14nm transistors as “backporting”.

Computer chip diagram
image captionThe new chips feature up to eight cores to divide up computational tasks

“We’ve been making 14nm CPUs for a long time, and part of the benefit of that is it is a very established manufacturing process to the point where we know it inside and out,” spokesman Mark Walton explained.

“So we really know how to ramp up the clock speeds – and for a gaming product, that’s really, really important.”

The firm’s own benchmarks indicate its new i9-11900K chip will deliver a boost of 14% more frames-per-second when playing Microsoft Flight Simulator over the last-generation i9-10900K, when set at high quality graphics, for example.

And Intel is also playing up other benefits, including support for PCie 4.0, which increases the bandwidth available to third-party components such as add-on graphics cards and solid state drives, effectively allowing them to shunt data about more quickly.

“You will have much faster loading times, textures will load more quickly in games, and you get a much more seamless experience,” said Mr Walton, suggesting this would counter one of the key advantages the Xbox Series X and PlayStation 5 enjoyed.

Testing hot

Intel will be marketing the new chips as offering a 19% improvement in “instructions per cycle” over their predecessors.

But the site Anandtech said it had only noticedmodest gains when testing some of the chips with games of its own choice, and in some cases said the differences were imperceptible.

“It trails behind its competitor AMD at times by a significant margin,” the site’s Dr Ian Cutress told the BBC.

AMD Chip
image captionAMD is also targeting its latest range of desktop chips at gamers

Moreover, the review also highlighted that the chips could run very hot.

Intel has removed a very thin layer of material between the block of semiconducting material on which the CPU’s circuits are fabricated and the “heat spreader” on top to help keep the components cool.

But Anandtech recorded peak temperatures of 104C (219F) in one of its tests, which is only just in the safety zone.

“Intel’s laptop chips were designed specifically for the characteristics of 10nm, and that includes thermal performance and frequency, and voltage,” explained Dr Cutress.

“Because they’ve done a retrofit, compromises have had to be made – they still get the performance gains, but it’s at the expense of needing lots of power and potential heat issues.”

Intel chip
image captionIntel has used a process called “dye thinning” to remove a layer of material from the chip to help keep it cool

In real-world terms, that means if users give the chip taxing tasks and do not have proper cooling, the chip may throttle its own performance to avoid damage.

One added consequence is that Intel is only offering Rocket Lake chips with a maximum of eight cores – the more cores you have the faster a program can run if optimised to share the load between them.

By contrast, AMD’s Ryzen chips go up to 16.

However, AMD’s newest processors remain in short supply. 

And one advantage Intel has as its own manufacturer, is that it can relatively easily adjust production to match demand.

By contrast, AMD must vie with Apple, Nvidia and others for TSMC’s capacity.

By Leo Kelion
Technology desk editor

Cyber flaws: How hackers made millions of dollars ‘legally’ – bug tracing

Hackers earned a record $40m (£28m) in 2020 for reporting software flaws via a leading bug bounty reporting service.

HackerOne hackers
image captionHackerOne hosts regular events bringing its hackers together

HackerOne said nine hackers made more than $1m each after they flagged their findings to affected organisations.

One Romanian man, who only started bug-hunting two years ago, saw his total earnings to date top $2m. The UK’s top-earning hacker made $370,000 last year.

The platform suggested the pandemic had given the volunteers more time to pursue the endeavour.

A survey HackerOne commissioned indicated that 38% of participants had spent more time hacking since the Covid-19 outbreak began.

‘Literally shaking’

Many of those involved work part-time and are based in dozens of different countries including the US, Argentina, China, India, Nigeria and Egypt. 

Katie Paxton-Fear
image captionLecturer Katie Paxton-Fear is a bug bounty hunter in her spare time

The amount of money awarded depends on the severity of the flaw, and can range from less than $140 to much bigger sums.

HackerOne, which is based in California, charges a subscription fee to businesses for use of its platform.

British bug bounty hunter Katie Paxton-Fear, a lecturer at Manchester Metropolitan University, says she looks for bugs in her spare time. 

Whilst the money is good, she says it is not a get-rich-quick activity.

“I’ve earned around £12,000 in 12 months,” she told the BBC.

“I remember finding my first bug and literally shaking and realising: ‘Wow I just saved people from a pretty big flaw.’

“I’m not just using my time to win a prize, I’m actively helping secure applications I use, so for me it’s a challenge mixed with doing something good.”

Another similar platform called YesWeHack, which is based in France, said its 22,000 hackers had submitted double the number of bugs in 2020 than the previous year.

It does not release figures on money rewards made via its service.

“Given the new risks and the importance of cyber-security in the economic survival of companies, an increasing number of chief information security officers have turned to bug bounties,” said chief executive Guillaume Vassault-Houlière.

Another, BugCrowd, said it saw a 50% increase in submissions on its platform in the last 12 months.

Bounty sceptic

Commercial bug bounty programmes have grown in popularity in the last five years, but some experts think there are flaws to the system if they are relied upon too heavily.

Security researcher Victor Gevers, who runs the GDI Foundation for responsible disclosure in the Netherlands, said he never accepted money for bugs he found. 

“We don’t participate in bug bounties because they are sometimes quite narrow in their scope and only give researchers permission to look for flaws in certain parts of their systems,” he said.

“We want to be able to ethically search for vulnerabilities where we think they are, and maintain our independence. 

“But for starting security researchers or students, then these commercial bug bounty platforms are great as they offer a lot of protection, resources and are a perfect place to start.”

By Joe Tidy
Cyber reporter

Britain’s GCHQ cyber spies embrace the AI revolution

By: Guy Faulconbridge

Britain’s cyber spies at the GCHQ eavesdropping agency say they have fully embraced artificial intelligence (AI) to uncover patterns in vast amounts of global data to counter hostile disinformation and snare child abusers.

AI, which traces its history back to British mathematician Alan Turing’s work in the 1930s, allows modern computers to learn to sift through data to see the shadows of spies and criminals that a human brain might miss.

GCHQ, where Turing cracked Germany’s naval Enigma code during World War Two, said advances in computing and the doubling of global data every two years meant it would now fully embrace AI to unmask spies and identify cyber attacks.

The world’s biggest spy agencies in the United States, China, Russia and Europe are in a race to embrace the might of the technological revolution to bolster their defensive and offensive capabilities in the cyber realm.

“AI, like so many technologies, offers great promise for society, prosperity and security. Its impact on GCHQ is equally profound,” said Jeremy Fleming, the director of GCHQ.

The Cheltenham-based Government Communications Headquarters (GCHQ) – the British equivalent of the NSA – is publishing a paper “Pioneering a New National Security: The Ethics of AI” confirming its full use of the technology.

“AI will be a critical issue for our national security in the 21st century,” the report, released on Thursday, said.

While AI is not yet at the science-fiction stage of competing with humans to generate revolutionary ideas such as AI itself, computer software can see patterns in data within seconds that human minds would take hundreds of years to see.

GCHQ has been using basic forms of AI such as translation technology for years but is now stepping up its use, partly in response to the use of AI by hostile states and partly due to the data explosion which makes it effective.

Hostile states were using AI tools in an attempt to undermine free societies by spreading disinformation, GCHQ said, so it would use AI to counter such networks.

Similarly, AI could be deployed against organised crime or child abusers to uncover their networks or the maze of complex financial transactions which have traditionally been used to shield criminal empires.

In cyber intelligence, the United States is ranked by the Harvard Kennedy School’s Belfer Center as the top global power, followed by Britain, China and Israel.

“We can expect the deployment of new computing techniques, synthetic biology and other emerging technologies over the next few years,” GCHQ said in the report.

“Each new development helps our economy and society grow stronger, and provides opportunities to keep us secure, but also has the potential to be misused by those who seek to do us harm.”