Aadhaar Vendor, Recently Linked With CIA, Says It Does Not Store or Capture Customers’ Biometric Information

Cross Match Technologies, a US-based company that offers biometric products and services to a range of customers including India’s Aadhaar authority (UIDAI), told Gadgets 360 that it has not captured, or stored, or processed any personal private information of its customers. The clarification comes days after WikiLeaks reported that US federal agency CIA had the capability to hijack Cross Match’s software and use it to spy on Cross Match clients, theoretically giving it access to biometric data of over 1 billion Indians, if UIDAI were to be one of the organisations targeted. But Cross Match has clarified that its software does not have such capabilities.

John Hinmon, vice president of global marketing at Cross Match Technologies, told Gadgets 360 that the US-based company takes personal privacy very seriously. He added that Cross Match “does not capture, store or process in any manner personal private information, such as fingerprint images, collected by any of its customers,” adding that the company doesn’t have the “technical ability” to “covertly ‘remote into’ databases and systems that do store such personal data, nor have we ever been involved in developing or supporting such capability for any government or private entity.”

“Crossmatch’s fingerprint scanners and software allow end users to capture, store and process those images in their own systems, under security protocols defined by that end user. Typically, these systems are accessible only by trusted ‘administrative users.’ To be clear, this is the case with India UID. All software utilised with our scanners was developed, tested and certified under the direction of India UID,” Hinmon told Gadgets 360. “We value our partnership with India to support the historic and progressive Aadhaar program that widens social and economic inclusion and channels welfare payments more effectively.”

Earlier this week, WikiLeaks published secret CIA documents detailing a biometric collection system that the US agency ran, for which it worked with its intel partners including the National Security Agency (NSA), the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). The intel partners were “expected” to “voluntarily” share the biometric information they collected, WikiLeaks reported.

The CIA, however, didn’t find the arrangement for the biometric collection system sufficient so it reportedly created a secret program called ExpressLane, using which it installed a trojan — disguised as software update — that would covertly collect the biometric information, according to WikiLeaks. Citing CIA’s internal documents, WikiLeaks alleged that the agency was also using Cross Match’s technologies for its biometric collection system, and ExpressLane program could compromise Cross Match’s services.

In the aftermath of the WikiLeaks’ revelation, reports claimed that the CIA could have managed to access and collect the biometric information — Aadhaar data — of Indians, since the UIDAI has also worked with Cross Match Technologies. It needs to be stressed that there is no evidence in WikiLeaks’ report that explicitly states that the Aadhaar infrastructure is impacted, too. It is also not known whether Cross Match still provides its services to UIDAI.

More than 1.17 billion people have enrolled in the Aadhaar system — for which a person’s print of all fingers, iris data, and other private information such as name, data of birth, address, and phone number — are collected. Originally conceptualised to help a portion of Indians avail social welfare programs, the central government has made Aadhaar identity mandatory for availing several other services including filing income tax returns and getting a new phone number.

Aadhaar Vendor, Recently Linked With CIA, Says It Does Not Store or Capture Customers' Biometric InformationAccording to a press release issued by Cross Match in 2011, it had received a three-year certification to supply biometric authentication solutions to UIDAI. “Today’s milestone demonstrates that Cross Match, as a global leader in image quality and performance, and its Indian partner for the UID program, Smart Identity Devices Pvt. Ltd. (Smart ID), are ideally suited to help make this historic project a reality,” Cross Match CEO David Buckley had said then.

The issue, as reported by WikiLeaks, however is that the CIA’s ExpressLane program could gather biometric information from systems without knowledge — and presumably consent — of its intel partners. In a brief conversation with Gadgets 360, Julian Assange, the founder and publisher of non-profit organisation WikiLeaks said CIA, through its ExpressLane program, installs “trojaned versions of the Cross Match under the cover of a “[software] update.”

A CIA-assigned officer would visit offices and install ExpressLane program — disguised as software update — which would set wheels in motion to covertly collect the biometric information, according to CIA’s confidential documents published by WikiLeaks. Several documents detail how the authorised officer would install the program, and the technical details of how the program had been created.

Over the years WikiLeaks, founded in 2006, has published several confidential documents detailing various controversial programs run by governments. “Wikileaks has a solid history of producing legitimate material, but they’ve also been known to over-inflate the significance of it,” top security analyst Troy Hunt told Gadgets 360. “Especially in more recent times, there’s growing concern that the material they’re publishing is less in the best interests of the people, and more to further their own agendas. In reality, it’s probably a bit of both.”

Aadhaar Addresses All of Supreme Court’s Design Principles: Nilekani

Nandan Nilekani, co-founder and non-Executive Chairman of Infosys, who is also the architect of the UIDAI, on Friday expressed confidence that Aadhaar “addresses all design principles laid down by the Supreme Court”.

Nilekani said this during an investors’ call held on Friday, where he was asked about the apex court’s landmark judgment on right to privacy as a fundamental right and its implications on the Unique Identification Authority of India (UIDAI).

Aadhaar Addresses All of Supreme Court's Design Principles: NilekaniNilekani said: “There is a very good group to look at the data protection policy under Justice Srikrishna. The Aadhaar card will go to a smaller bench which I assume they will constitute.

“I am very confident Aadhaar will come out with flying colours because it addresses all the design principles laid down by the Supreme Court.”

“I think it’s a superb decision (by the Supreme Court). While it has upheld privacy as a fundamental right, it also acknowledges that in the interest of larger societal reasons, you may have some constraints on it.

“The court has formally said that right to privacy is a fundamental right but not an absolute right,” he added.

Nilekani, 62, who was the CEO of Infosys from March 2002 till April 2007 and its Vice-Chairman, quit the company in 2009 to head the UIDAI as its first Chairman till May 2014.

Chinese National Arrested for Using Malware Linked to OPM Hack

A Chinese national was arrested in Los Angeles earlier this week on charges he used a rare type of computer malware that was also deployed to access millions of sensitive US records from the Office of Personnel Management.

Court papers filed against Yu Pingan do not mention OPM, but they do suggest a connection between the two. The OPM hack is considered one of the worst-ever computer breaches of US government computer systems, because the hackers were able to access a huge volume of information from security clearance forms filed by federal workers and contractors.

The suspect, along with other conspirators in China “would acquire and use malicious software tools, some of which were rare variants previously unidentified by the FBI and information security community, including a malicious software tool known as ‘Sakula’,” the criminal complaint states.

Chinese National Arrested for Using Malware Linked to OPM HackThe Sakula malware has previously been linked to the OPM hack, as well as other suspected computer system penetrations in the United States.

Yu, 36, was arrested Monday night when he flew into Los Angeles International Airport, officials said.

US officials have previously said the Chinese government is responsible for the OPM hack, which breached major databases and exposed the sensitive information of about 22.1 million people, including not just federal employees and contractors but their families and friends.

The charges filed against Yu concern earlier alleged computer breaches of three US companies. He is accused of conspiracy to commit computer hacking for those incidents, which took place from 2012 to 2014.

Amazon to Lower Whole Foods Prices as Soon as Purchase Is Finalised on Monday

Amazon’s $13.7 billion purchase of Whole Foods Marketwill be finalised Monday, and shoppers will see an immediate markdown in prices on a number of items, including salmon, avocados, baby kale and almond butter, as the tech giant looks to shake up the grocery business.

Amazon and Whole Foods announced the news on Thursday.

“The two companies will together pursue the vision of making Whole Foods Market’s high-quality, natural and organic food affordable for everyone,” they said in a joint statement. “Whole Foods Market will offer lower prices starting Monday on a selection of best-selling grocery staples across its stores, with more to come.”

Amazon said it will continue to lower prices at Whole Food stores and will eventually offer special discounts and in-store benefits to Amazon Prime members. (Jeff Bezos, the founder and chief executive of Amazon, owns The Washington Post.)

Other foods that will be cheaper beginning next week: Bananas, eggs, ground beef, rotisserie chicken, butter and apples.

“Everybody should be able to eat Whole Foods Market quality – we will lower prices without compromising Whole Foods Market’s long-held commitment to the highest standards,” Jeff Wilke, chief executive of Amazon Worldwide Consumer, said in a statement. “There is significant work and opportunity ahead, and we’re thrilled to get started.”

Analysts said the slashing of prices was an obvious move. Whole Foods – nicknamed “whole paycheck” in some circles – has long struggled to shed its reputation as a pricey alternative to other supermarket chains. The company’s prices are about 15 percent higher than at the average grocery store, according to Morgan Stanley.

“Amazon is playing to its strengths here, said Michelle Grant, head of retailing at Euromonitor International, a London-based market research firm. “Obviously the low-cost approach is in Amazon’s DNA, and it’s something Whole Foods has been struggling with for a quite some time.”

For Seattle-based Amazon, the addition of Whole Foods means laying claim to more than 460 physical locations and an inroad into the competitive $600 billion grocery industry. The company will add Whole Foods’ private label products – including 365 Everyday Value, Whole Paws and Whole Catch – to Amazon.com, AmazonFresh and Prime Pantry. Some Whole Foods stores also will begin adding Amazon Lockers, where customers can pick up online orders or drop off returns.

“Grocery has always been the achilles heel for Amazon,” Grant said. “Amazon’s competitive advantage is its speed – and that’s what it’s bringing here, with quick turnaround and quick changes.”

Amazon announced plans to buy Whole Foods in June. The deal received regulatory approval from the Federal Trade Commission – as well as a green light from Whole Foods shareholders – on Wednesday.

“Change is coming much faster than anyone imagined,” Neil Saunders, managing director of GlobalData Retail, said in an email. “Amazon is wasting no time in making the most of its newest division.”

And, he added, there is already significant overlap between the customers of the two companies. More than 70 percent of Whole Foods’ main customers are members of Amazon Prime. The loyalty program, which has an annual fee of $99, offers a number of perks, including free two-day shipping, video streaming and discounts on recurring purchases of household goods and diapers.

Amazon to Lower Whole Foods Prices as Soon as Purchase Is Finalised on MondayNews of the impending deal has rattled the grocery industry, which is already struggling to keep up with growing competition. Although Whole Foods remains a niche chain – Walmart and Sam’s Club, by comparison, have 10 times as many stores- analysts say an Amazon-backed grocer could have broad implications on pricing and profits.

“Rivals should be under no illusion that they are now dealing with a competitor that is not afraid to damage profits and margins if it creates long-term gains,” Saunders said. “This will only add further pressure to already crimped margins in the sector.”

On Thursday, stock prices of rival grocers took a hit on the promise of lower-priced goods at Whole Foods. Shares of Kroger, which was rumored late last year to be considering its own takeover of Whole Foods, fell more than 8 percent. SuperValu, with a network of 2,000 stores across the country, was down more than 6 percent, while Costco dipped about 5 percent. (Shares of Whole Foods, meanwhile, rose about 1 percent.)

Google Search Now Shows a Screening Test If You Search for Depression

Google Search users in the US will soon be able to take a screening to determine whether they are depressed. The clinically approved test is optional, and will show up when Google Search users in the US look up “depression” on the search engine. It will be placed as a box on top of the results on mobile on search result page, which Google calls Knowledge Panel. This panel includes information on what depression is, its symptoms, and possible treatments. The company has also partnered with the National Alliance on Mental Illness (NAMI) to ensure the information shared in the Google Search depression questionnaire is accurate.

“Now when you search for ‘clinical depression’ on Google on mobile, you’ll see a Knowledge Panel that will give you the option to tap ‘check if you’re clinically depressed’, which will bring you to PHQ-9, a clinically validated screening questionnaire to test what your likely level of depression may be. To ensure that the information shared in the PHQ-9 questionnaire is accurate and useful, we have partnered with the National Alliance on Mental Illness on this announcement,” Google said in a blog post.

google depression DepressionAccording to Google spokesperson Susan Cadrecha, cited by The Verge, this new Google Search feature is being rolled out on mobile in the US soon and it is not meant to subvert a medical evaluation.

“The results of the PHQ-9 can help you have a more informed conversation with your doctor,” according to NAMI, which partnered with Google on the questionnaire.

According to NAMI, clinical depression is a fairly common condition with almost one in five Americans experiencing an episode in their lifetime. But only about 50 percent of people who have depression get treated for it.

“Mental health professionals often refer to major depressive disorder as clinically significant depression or clinical depression. Clinical depression is a treatable condition which can impact many aspects of a person’s life. The PHQ-9 can be the first step to getting a proper diagnosis,” the NAMI statement added.

Smartron Unveils ‘tronX’ AI-Based IoT Platform

Home-grown technology and Internet of Things (IoT) company Smartron on Thursday unveiled ‘tronX’ – an Artificial Intelligence (AI)-powered IoT platform that would help make users’ daily life easier and smarter.

Terming it as one of the first global technologies being developed in India, the company said ‘tronX’ is an intelligent ecosystem that helps connect a range of devices.

Built on the world of ‘Internet of Trons’, the ecosystem allows instant access to profile, data, content, services, Cloud, care, community and other IoT devices whether you are at home, in the car or at the office.

“Smartron has been working for more than two years on creating a new connected ecosystem fuelled by AI-powered ‘IoT’ and ‘tronX’ is at the core of this brave new world,” Mahesh Lingareddy, Founder and Chairman, Smarton, told IANS here.

Lingareddy added that the company was excited to unveil ‘tronX’ that is a kind of next-generation operating system designed to run seamlessly across devices.

The platform has been designed to deliver “highly intelligent and localised experiences, services and care support critical to IOT success”.

On being asked about the help Smartron took in terms of hardware and software from other players, Lingareddy said that “we already have many companies that have partnered with us in delivering innovative hardware and software solutions”.

“If your phone foresees traffic through Maps, as soon as you wake up, it will automatically notify you. The platform would switch on the geyser for you and as the system goes through your daily schedule, it will even book a cab for you,” the company executive said.

To begin with, Smartron announced four verticals that are in the works at its R&D facility and already have built in capabilities that integrate in our lives: ‘tronX Personal’, ‘tronX Health’, ‘tronX Home’ and ‘tronX Infra’.

Smartron Unveils 'tronX' AI-Based IoT Platform‘tronX Personal’ offers personalised entertainment, travel, shopping, financial, health, event, communication and collaboration experiences across devices and contexts.

With ‘tronX Health’, the system monitors and manages medical history, insurance data and offers intuitive and preventive solutions from a range of partners who are already on board.

‘tronX Home’ helps control locking mechanisms, security updates, home appliances, services like water, electricity and payment modules for these services, all available through a Voice Activated Assistant.

‘tronX Infra’ is Smartron’s B2B vertical, offering an AI-assisted system that covers a range of monitoring and management services, thus increasing productivity and security for enterprises.

Smartron was founded with a vision to build India’s first true global OEM brand to revolutionise the country’s ecosystem and create experiences that are on par with global innovations.

Alleged Yahoo Hacker in Canada Agrees to Extradition to US

A Canadian man accused in a massive hack of Yahoo emails agreed Friday to forgo his extradition hearing and go face the charges in the United States.

Karim Baratov was arrested in Hamilton, Ontario, in March under the Extradition Act after US authorities indicted him and three others, including two alleged officers of Russia’s Federal Security Service. They are accused of computer hacking, economic espionage and other crimes.

An extradition hearing for the 22-year-old Baratov had been scheduled for early September, but he signed documents before a Canadian judge Friday agreeing to waive it.

His lawyer, Amedeo DiCarlo, said that does not amount to an admission of guilt.

Alleged Yahoo Hacker in Canada Agrees to Extradition to USDiCarlo said the move will accelerate the legal process and was the best way to speed up discussions with the US prosecutor. US marshals will soon be sent to fetch Baratov and take him to California, he added.

US law enforcement officials call Baratov a “hacker-for-hire” paid by members of the Federal Security Service, or FSB, considered the successor to the KGB of the former Soviet Union. He has Kazakh origins, arrived in Canada in 2007 and became a citizen in 2011.

Alexsey Belan, one of the other suspects, is on the FBI’s list of most wanted cybercriminals and has been indicted multiple times in the United States. It’s not clear whether he or the other two defendants, Dmitry Dokuchaev and Igor Sushchin, will ever step foot in an American courtroom because the United States does not have an extradition treaty with Russia.

The indictment identifies Dokuchaev and Sushchin as officers of the FSB. Belan and Baratov were allegedly directed by the FSB to hack into the accounts.

Google Touts Titan Security Chip to Market Cloud Services

Alphabet Inc’s Google this week will disclose technical details of its new Titan computer chip, an elaborate security feature for its cloud computing network that the company hopes will enable it to steal a march on Amazon and Microsoft.

Titan is the size of a tiny stud earring that Google has installed in each of the many thousands of computer servers and network cards that populate its massive data centres that power Google’s cloud services.

Google is hoping Titan will help it carve out a bigger piece of the worldwide cloud computing market, which is forecast by Gartner to be worth nearly $50 billion.

A Google spokeswoman said the company plans to disclose Titan’s technical details in a blog post on Thursday.

Titan scans hardware to ensure it has not been tampered with, Neal Mueller, head of infrastructure product marketing for Google Cloud Platform, said in a recent interview. If anything has been changed, Titan chip will prevent the machine from booting.

Data centre operators are concerned that cyber criminals or nation-state hackers could compromise their servers, which are mostly made by Asian hardware companies, before they even reach the United States.

“It allows us to maintain a level of understanding in our supply chain that we otherwise wouldn’t have,” Mueller said.

Neither Amazon.com nor Microsoft – which hold 41 percent and 13 percent of cloud market share, respectively, according to Synergy Research Group – have said if they have similar features. In response to inquiries from Reuters, representatives of both companies pointed to the various ways they use encryption and other measures to secure their data centres.

Google holds just 7 percent of the worldwide cloud market. Titan is part of a strategy Google hopes will differentiate its services and attract enterprise customers from sectors with complex compliance regulations, such as those in financial services and the medical field. Google announced Titan in March.

“Having physical safeguards goes a long way of telling the story of how seriously Google takes people’s security,” said Kim Forrest, vice president at Fort Pitt Capital Group.

Google Touts Titan Security Chip to Market Cloud ServicesGoogle has struggled to compete with Amazon Web Services, which has more features, and Microsoft, which has long-standing relationships with enterprises, said Lydia Leong, an analyst for Gartner.

Leong was sceptical of Google’s strategy.

“Security is a hallmark for both AWS and Microsoft,” she said this week. “Google has a lot more work to do.”

Google uses Titan chips to protect the servers running its own services like search, Gmail and YouTube, and the company claims Titan has already driven sales. It points to Metamarkets, a real-time analytics firm, as a customer it landed in part due to Titan.

Dan Cornell, principal at Denim Group, a firm that helps tech organisations build secure systems, said the rise of nation-state hacking makes such a feature timely.

“Those level of adversaries certainly have an incentive to hack or to have influence over the security of hardware. It’s interesting of Google to say, ‘Here’s one part of the hardware that we’re going to control.'”

India One of the Top Targets of Web Application Attacks, Finds Akamai

India ranks eighth among countries most frequently targeted for web application attacks and stands fifth on the list of source countries, with close to 12 million attacks sourced from the country, a new report said on Wednesday.

According to a report by Cloud delivery firm Akamai, there has been a 28 percent year-over-year (YoY) increase in total Distributed Denial of Service (DDoS) attacks globally in the second quarter of 2017.

The rise, which was followed after three quarters of decline, was mainly attributed to ‘PBot’ malware which emerged as the foundation for the strongest DDoS attacks.

India One of the Top Targets of Web Application Attacks, Finds Akamai“Events like the ‘Mirai botnet’, the exploitation used by ‘WannaCry’ and ‘Petya’, the continued rise of ‘SQLi’ attacks and the re-emergence of ‘PBot’ all illustrate how attackers will not only migrate to new tools but also return to old tools that have previously proven highly effective,” said Martin McKeay, Senior Security Advocate at Akamai, in a statement.

Egypt was found to be the source of maximum number of attacks with unique IP addresses, contributing 32 per cent globally, the report titled ‘Q2 2017 State of the Internet/Security Report’ stated.

Though the frequency of DDoS attacks increased, the number of IP addresses involved in volumetric DDoS attacks dropped 98 percent from 595,000 to 11,000 indicating the use of fewer devices to launch such attacks.

One gaming company was attacked 558 times which is approximately six times a day on average, the report said.

Jet Airways Partners With Airbnb, Expands Hospitality Choices for Passengers

Private carrier Jet Airways has taken onboard California-based home-share booking site Airbnb to offer a range of global hospitality choices to its guests from India.

The partnership with Airbnb, the first by an Indian carrier, will help Jet Airways strengthen its portfolio of choices for stay that it currently offers its guests, a release said.

The airline’s chief commercial officer Jayaraj Shanmugam said, “An increasing number of Indian travellers are embracing the fresh and highly personalised experiences that a platform like Airbnb offers.

“Our focus on being innovative and offering differentiated travel experiences enables us to anticipate the changing needs of our guests and recognise trends much earlier than the market, thus allowing us to offer exciting travel related initiatives,” he said.

Jet Airways Partners With Airbnb, Expands Hospitality Choices for PassengersThe partnership will also give momentum to the growth of Airbnb’s footprint in the Indian market, the release said.

Airbnb country manager Amanpreet Bajaj said that Indian travellers have become more decisive and are keen to break away from conventional means of travel and accommodation.

Jet Airways group, which also includes its subsidiary JetLite, currently operates a fleet of 113 aircraft.

Besides flying to a number of domestic destinations, the Mumbai-based private airline operates its flight services to overseas destinations across South East Asia, South Asia, Middle East, Europe and North America.