P2P-Zone  

Go Back   P2P-Zone > Peer to Peer
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Peer to Peer The 3rd millenium technology!

Reply
 
Thread Tools Search this Thread Display Modes
Old 02-12-20, 07:11 AM   #1
JackSpratts
 
JackSpratts's Avatar
 
Join Date: May 2001
Location: New England
Posts: 10,013
Default Peer-To-Peer News - The Week In Review - December 5th, ’20

Since 2002































December 5th, 2020




EU Intellectual Property Study Says Piracy Rates Are Falling
Bill Toulas

• Fewer people choose to pirate content in Europe today, as legit streaming platforms are taking them away.
• In most cases, these people are heavy content consumers looking to access a wide spectrum of media.
• In general, piracy is considered an acceptable activity as long as it’s done for personal use.

A new study published by the European Union Intellectual Property Office (EUIPO) shines a light on how piracy rates move today. The results are in line with similar findings of past studies.

More specifically, there are fewer pirates right now across the continent, and the trend continues to point downwards. The study is based on the answers given by 25,636 anonymous participants living in 27 European countries.

Out of all respondents, only 8% admitted downloading or streaming copyright-protected content using illicit means like torrent sites or pirate IPTV platforms. Previously, the percentage of pirates was around 10%, so there’s a clear drop that is being recorded here.

Luxembourg and Slovenia reported higher piracy rates, with 18% and 17%, respectively. In contrast, Greeks, Polish, and Italians reported themselves as being among the most lawful in the EU, with only 6% of them confessing downloading pirated media. Romanians topped the list, with a mere 4% of the participants having downloaded pirated content in the last 12 months.

Of those who did engage in pirate activities, a respectable 59% used legal services as well. This indicates that they resorted to illegal distribution channels to access content that was out of reach in their countries, or maybe because they couldn’t cover the cost of subscribing to all the different services that broadcast that content.

As for the people who are not pirates, they declared that it is generally acceptable to obtain content illegally from the internet as long as it’s for personal and not commercial use – and if there’s no available legal alternative. Of course, there are discrepancies here, too, with Bulgarians accepting pirating activities by up to 50%, while Finnish maintaining a much stricter stance with only 20% of the respondents agreeing that any circumstance makes pirating acceptable.

So, if piracy rates are indeed falling, you may be wondering why exactly is it happening? First and foremost, streaming platforms have played a pivotal role in giving people an inexpensive and easy to access legal alternative. Secondly, Europol’s activities towards bashing pirates across the continent are finally starting to leave a mark in the community.

Thirdly, many people are getting fed up with the poor quality of pirated media. And finally, a growing number of people realize the harm that pirating does to creators, so they simply choose not to do it.

Piracy hasn’t disappeared yet, and it’s not expected to be completely wiped from the face of the Earth any time soon, but it is unmistakably losing the battle against those who try to contain it. Sure, some pirates will persist no matter what happens, and the reasons to do this will not cease to exist entirely, but it is gradually turning into an underground activity.
https://www.technadu.com/eu-intellec...alling/227151/





Brazil Hits Enter on Digital Piracy Crackdown

The shift from pirate DVDs to illegal streaming applications has prevented organized crime from cashing in
Alessandro Ford

Brazilian authorities have launched a nationwide operation against digital piracy in conjunction with US and UK law enforcement but doubts remain about how connected the practice is to more traditional aspects of organized crime.

Since early November, Brazil’s Ministry of Justice and Public Security has launched the second phase of Operation 404, carrying out 25 search-and-seizure warrants across 10 federal states that led to the blocking of 65 illegal content streaming applications and 252 Brazilian websites, as well as 27 British and 3 American websites, according to a government press release.

The government has insisted this operation was targeting organized crime. Brazil’s Minister of Justice and Public Security, André Mendonça, stated on Twitter that the lucrative profits demonstrated digital piracy was “not just a crime of copyright, but also money laundering and possible criminal organization,” while the US Department of Justice went even further in their own press release, citing one top official as saying “[i]llegal streaming…feeds a criminal enterprise whose profits support organized crime endeavors.”

The operation led to the seizure of luxury cars, firearms, cash and credit cards, with bank documents revealing one individual was accruing annual profits of $17 million. Suspects generated their revenue by capturing signals to illegally re-transmit films, series and TV shows to their subscribers, while also running commercial advertisements on their pirated sites.

Operation 404’s second phase builds on the achievements of its first phase in November 2019, when the carrying out of 30 search-and-seizure warrants across 12 states led to the suspension of 100 illegal content streaming applications and 210 websites, according to a press release.

It came six months after the US Trade Representative’s 2019 Report included Brazil on its “Watch List” for “long-standing concerns about Brazil’s Intellectual Property (IP) enforcement activities,” a list the country has remained on in the 2020 Report due to “levels of counterfeiting and piracy in Brazil, including online piracy and use of unlicensed software, remain[ing] excessively high.”

InSight Crime Analysis

Digital piracy is becoming an increasing priority for Brazilian law enforcement, who have sought to raise the profile of this illegal industry by linking it to traditional criminal groups. Yet evidence of such links remains minimal, particularly in the case of illegal streaming.

Americas Quarterly reported in 2019 that Brazil’s lost tax revenue from piracy of cable TV topped $1.2 billion in 2017, with the country’s roughly 2 million illegal streaming “black boxes” – essential for unlicensed viewing — being primarily manufactured in China, already set with “pirate friendly” configurations, and exported to Paraguay for smuggling across Latin America via well-travelled contraband routes.

But while Brazil has long been a hub for pirated DVDs and CDs, until recently openly sold by informal vendors in outdoor markets, this has mostly been a gray economy. According to Alexander Dent, chair of anthropology at George Washington University and author of a recent book on digital piracy in Brazil, it was the market’s criminalization by police crackdowns in the late 2000s that drew organized crime’s attention to digital counterfeiting.

In São Paolo, the First Capital Command (Primeiro Comando da Capital – PCC) did become involved in extorting vendors of pirate DVDs, threatening those who would not pay, and a 2008 report claimed the PCC had supplemented their micro-trafficking activities with the pirating of DVDs and CDs. But the technological shift from pirating physical units to illegally accessing streaming services is likely to have curtailed that involvement.

And while there are recent reports that some of Brazil’s militias are involved in both installing pirated cable TV and extorting internet networks in neighborhoods, this appears to be a part of broader dynamics where these militias provide all essential services in areas under their control. Those arrested in Operation 404 predominantly seem to be lone entrepreneurs with digital skills rather than members of organized crime cells.

Furthermore, given the low barrier to entry and high profits of illegal re-transmission of entertainment content, law enforcement crackdowns are unlikely to be effective, Dent told InSight Crime. And the crackdown on informal vendors selling pirated DVDs has been “[expensive], has yielded a criminalization of a once entrepreneurial market, and has damaged the lives of many people,” he added.
https://www.insightcrime.org/news/br...acy-crackdown/





'Tis The Season: Congress Looks To Sneak In Unconstitutional Copyright Reform Bill Into 'Must Pass' Spending Bill
Mike Masnick

If you have to sneak your transformational copyright bill into a "must pass" government spending bill, it seems fairly evident that you know the bill is bad. Earlier we talked about how the White House is trying to slip a Section 230 repeal into the NDAA (military appropriations) bill, and now we've heard multiple people confirm that there's an effort underway to slip the CASE Act into the "must pass" government appropriations bill (the bill that keeps the government running).

What does keeping the government running have to with completely overhauling the copyright system to enable massive copyright trolling? Absolutely nothing, but it's Christmas season, and thus it's the time for some Christmas tree bills in which Senators try to slip in little favors to their funders by adding them to must-pass bills.

We've detailed the many problems with the CASE Act, including how it would ratchet up copyright trolling in a time when we should actually be looking for ways to prevent copyright trolling. But the much larger issue is the fact that the bill is almost certainly unconstitutional. It involves the executive branch trying to route around the courts to set up a judicial body to handle disputes about private rights. That's not allowed.

At the very least, however, there are legitimate concerns about the overreach of the CASE Act, and, as such, those supporting it should at least be willing to discuss those issues honestly and debate them fairly. Slipping them into a must-pass government spending bill certainly suggests that they know that they cannot defend the bill legitimately, and need to cheat to make it law.
https://www.techdirt.com/articles/20...ing-bill.shtml





Warner Bros. Will Release All of its New 2021 Movies Simultaneously on HBO Max

For a period of one month in the United States
Julia Alexander

WarnerMedia is pushing even more aggressively into streaming by releasing every single one of its movies in 2021 simultaneously on HBO Max.

There are some limitations to the new business model. The movies will only stream on HBO Max for one month before leaving the platform for a period of time. They will also play in theaters simultaneously, keeping the relationship with movie theater distributors like AMC and Regal. The plan is to run this experiment for one year. For people who don’t have access to HBO Max in their market, it appears that theatrical releases will still be the go-to option.

The movies Warner Bros. is planning to release for now include: The Little Things, Judas and the Black Messiah, Tom & Jerry, Godzilla vs. Kong, Mortal Kombat, Those Who Wish Me Dead, The Conjuring: The Devil Made Me Do It, In The Heights, Space Jam: A New Legacy, The Suicide Squad, Reminiscence, Malignant, Dune, The Many Saints of Newark, King Richard, Cry Macho, and Matrix 4.

These titles could change depending on delays. All films will be released on HBO Max in 4K Ultra HD and HDR. The moves will also likely help WarnerMedia reach an agreement with Roku after months of fighting over a deal. WarnerMedia is also offering a limited deal, making HBO Max 22 percent cheaper for people who sign up for six months. The $69.99 price works out to just under $12 a month instead of $15.

"“We’re expecting it to continue to be choppy.”"

“We’re living in unprecedented times which call for creative solutions, including this new initiative for the Warner Bros. Pictures Group,” said Warner Bros. CEO Ann Sarnoff. “No one wants films back on the big screen more than we do. We know new content is the lifeblood of theatrical exhibition, but we have to balance this with the reality that most theaters in the U.S. will likely operate at reduced capacity throughout 2021.”

On one hand, it’s a simple decision for Warner Bros., WarnerMedia, and parent company AT&T. Executives haven’t tried to hide how important HBO Max is to the future of the business. It’s also no secret that HBO Max isn’t seeing as many subscriber additions as WarnerMedia would like. Warner Bros. tried to release a movie in theaters during the pandemic — Tenet — and the studio lost hundreds of millions of dollars. These factors, on top of a resurgence of COVID-19 cases around the world that put the next several months of any group activities at risk, present the perfect opportunity for WarnerMedia to experiment. Think of what AT&T CEO John Stankey told investors just a couple of months ago about theatrical releases in 2021:

We’re not optimistic. We’re not looking that we’re seeing here — expecting a huge recovery in theatrical moving into the early part of next year. We’re expecting it to continue to be choppy. As a result of that, we’re having to evaluate all of our options and keeping them open.

WarnerMedia also isn’t the only company using this time to experiment with things that would have played out several years from now. Disney moved Hamilton, Artemis Fowl, and Soul to streaming only exclusives. It also released Mulan exclusively on Disney Plus for $30 in September. Disney CEO Bob Chapek told analysts on the company’s recent fourth quarter call that despite the backlash the movie received, it performed well (no numbers were given) and made the case to Disney executives that a Premier Access strategy that could work. Disney will likely continue to move certain titles to Disney Plus as exclusives, but it could also decide to mirror what Warner Bros. is doing and release movies in theaters at the same time as Disney Plus.

Streaming is a balance game: there needs to be a consistent addition of new titles to attract subscribers as a platform scales, with a full library of beloved and various TV shows and movies that keep people around. You likely won’t sign up for HBO Max just to watch Friends, but you might sign up to watch Wonder Woman 1984 and then stick around to watch Friends. That’s part one. But the increased competition in the space means that competitors are doing the same thing, often with big franchise IP (Disney) or top talent (Netflix, Amazon).

The key to “winning” is demanding attention. By having a new mega release every single month, there are more reasons for people to stay subscribed. Having those constantly, on top of regular library programming that keeps people opening HBO Max in between big releases, keeps attention. (Netflix knows this and executes on it very well.) It’s a constant cycle of needing more, needing quality, and needing big.

"Streaming is a balance game"

One of the big questions this development brings up is what happens to theaters? 2020 has been one of the most devastating years for the theatrical industry. Now, it’s tougher than ever to convince people to risk their lives in a theater when studios are making films available to them to watch at home. Theater chains have pointed to studios moving their titles to streaming platforms as a big part of the problem, but the theater industry has struggled for decades.

In 2019, people, on average, visited a movie theater less than four times, according to Bloomberg — a record low since 2002. Of the movies people did go out to see, 25 of the top-grossing films made up 50 percent of the box office. Those movies are important to the studios (Avengers: Endgame brought in $2.8 billion) and the theaters. AMC needs Disney, but Disney would also like to keep its relationship with AMC.

The real question is whether Warner Bros. is working out deals with the theaters to make this transition beneficial to both sides. When Universal worked out its deal with AMC Theaters for a shorter exclusivity window (the time a movie must play in theaters before it can end up on digital retailers like Amazon or NBCUniversal’s Peacock), AMC CEO Adam Aron noted that AMC would also receive some form of revenue. Warner Bros. doesn’t want to lose its relationship with AMC, making it reasonable to assume that some kind of deal was put in place before the announcement.

Blockbusters are always going to go to theaters in some form. Warner Bros., however, is betting big that the future of theaters isn’t only going to be in theaters — and it’s going all in on that in 2021. Executives are betting on simultaneous releases to help drive as much revenue as possible, from wherever people want to watch. If that’s in a theater, sure. If it’s at home, great.

What’s increasingly clear, however, is that, despite WarnerMedia saying this is a one-year event, it’s probably not. Once the genie is out of the bottle, it’s hard to stuff back in.
https://www.theverge.com/2020/12/3/2...quad-space-jam





Inside AT&T’s WarnerMedia as it Dismantles the Old Time Warner to Battle Netflix
Alex Sherman

• CNBC spoke with more than a dozen former and current WarnerMedia executives to gauge how John Stankey and Jason Kilar are progressing with HBO Max.
• Many executives expressed concerns about rushed decision making and the disintegration of Time Warner’s creative culture.
• While HBO Max’s launch has been bumpy, Stankey has proved to be out in front of big media reorganizations.

In December 2018, John Stankey sat down with HBO CEO Richard Plepler and his leadership team.

Stankey, the AT&T veteran running WarnerMedia at the time, was meeting with division heads to hear ideas on how to combat the threat from Netflix and the secular decline of cable television. This was the first time Stankey had heard from Plepler’s full team about their plan.

HBO was the crown jewel of Time Warner, which AT&T had recently acquired for $100 billion with debt. It took two years and a legal battle with the Trump administration to close the deal. It was the biggest media acquisition since the last time Time Warner was acquired in 2000, when America Online paid $162 billion. All that effort and money was a bit confounding to people. Why did a telephone company need to own a premium content business?

Stankey was the driving force behind the acquisition, and the clear favorite to take over as the next CEO of AT&T. Its success or failure would hinge on HBO, which already had more than 30 million subscribers and a sterling reputation in Hollywood and with consumers.

According to five people familiar with the meeting, Plepler laid out a simple path forward:

First, give HBO more money to spend on content.

Second, augment the Cinemax premium TV channel with more family-friendly original, library, and licensed children’s programming.

Third, sell HBO and Cinemax together for a couple dollars more than HBO — around $17 per month.

Fourth, hammer out a deal with Comcast, the largest U.S. cable company, allowing the broadband distributor to sell HBO Go directly to broadband-only customers.

Finally, and most importantly, don’t blow HBO up.

Plepler’s team estimated this plan would guarantee $7.5 billion in annual revenue plus future upside depending on the success of the new content.

Stankey heard them out. Then, he ignored their advice. Stankey had bigger ambitions for streaming video. Less than three months later, Plepler announced he was leaving WarnerMedia.

Instead, Stankey decided to use HBO as the centerpiece for a new mission: Build a true Netflix competitor, dubbed HBO Max. When Stankey took over as AT&T’s CEO this year, he passed that goal to new WarnerMedia CEO Jason Kilar, who previously launched Hulu. HBO Max launched in May.

Along the way, Stankey has dismantled the old Time Warner, spurring dozens of executives from all parts of the company to depart. He is attempting to funnel all of the company’s resources from cable, film, and HBO into HBO Max, as he told CNBC last year.

Disney, Comcast’s NBCUniversal and ViacomCBS are all going through similar changes now to prepare for a world where subscription streaming services overtake cable as the world’s primary form of television consumption. Stankey — the MBA-buzzword, deep-voiced phone guy — was ahead of the trend.

Still, his vision has irritated some veteran WarnerMedia executives, who question Stankey’s knowledge of media. The execution of his mission, which Kilar has overseen since May, has so far been marred by strategic confusion and culture clashes, according to more than a dozen high-ranking WarnerMedia employees, about half of whom have left the company in the past six months.

For now, investors don’t like what they see. AT&T is trading near a 10-year low. Meanwhile Verizon, AT&T’s closest competitor, is trading near an all-time high. The most glaring difference between the two companies? Verizon didn’t spend $170 billion buying Time Warner and DirecTV in the past five years.

This is the story of the transition from Time Warner to WarnerMedia, and the bumps that have happened along the way.

Netflix envy

Alhough Stankey was new to media, he suffered the same disease as every other media executive: Netflix envy.

He thought Plepler was aiming too low. Plepler’s plan to generate $7.5 billion in annual revenue was 12% more than HBO’s eventual 2019 revenue. But it was a far cry from the $20 billion Netflix generated.

Stankey told Plepler he wanted a direct-to-consumer solution that could get to at least 60 million subscribers in five years, according to people familiar with the matter. HBO subscriptions had fallen from about 37.5 million in 2017 to 34.5 million in 2019. Over the same time, Netflix global subscriptions jumped 50%, from 111 million to 167 million.

If Stankey could convince investors that HBO Max would mirror Netflix’s growth trajectory, he might be able to capture a higher trading multiple for AT&T. This is the holy grail for media companies this decade — convincing Wall Street that streaming growth will make up for the decline of legacy businesses like cable TV and movie theater viewing. It’s also a strategy supported by AT&T’s most notable investor, activist hedge fund Elliott Management, which last year bet $3.2 billion that divesting non-core assets and focusing on streaming could lead to a surge in AT&T shares.

Stankey thought Plepler was attached to a fading distribution model — a wholesale approach where companies like Comcast and Amazon could sell HBO programming along with other linear networks or streaming services. Stankey viewed these companies as competitors more than partners. The battle would be keeping viewers in the AT&T ecosystem instead of Apple’s or Amazon’s or Comcast’s.

This difference in approach showed up last month, when WarnerMedia struck a deal to put HBO Max on Amazon Fire TV. As a condition of that agreement, HBO is pulling its content off Amazon’s Channels interface next year, people familiar with the matter told CNBC. Several WarnerMedia executives who worked on the deal blamed Plepler for previously giving Amazon too much control over HBO programming, making the new Fire TV agreement much harder to complete.

Stankey initially wanted to keep Plepler at HBO, but the relationship started to fray around the end of 2018, said people familiar with the matter. Stankey set up an L.A. meeting with Casey Bloys, then president of HBO programming, without inviting or notifying Plepler. Plepler felt disrespected and told Stankey as much. Stankey saw Plepler as stoking an unnecessary turf war.

Around the same time, Stankey held a meeting with senior executives at the Time Warner Center boardroom in New York.

An outside consultant, Peter Cairo, who had spent the last few months interviewing 65 WarnerMedia executives, presented a number of problems with Time Warner’s siloed approach. Many of the senior leaders in attendance thought the presentation was doctored to support Stankey’s view that the company’s leadership was standing in the way of progress. Cairo, who had a history of working with Time Warner’s leadership team, told the group HBO was particularly resistant to working with other parts of the company.

Several veteran executives, including Bernadette Aulestia, head of HBO’s global distribution and Donna Speciale, president of WarnerMedia’s ad sales, spoke up to defend Time Warner’s history of success while questioning the way AT&T was handling staff morale.

The meeting ended tersely with Stankey cutting off dialogue early, three of the people said.

When the presentation ended, Plepler held a private meeting with Stankey. Soon after, Plepler revealed to a small group of people he was leaving HBO. He made his departure public in Feb. 2019.

Both Plepler and Stankey declined to comment for this story. A WarnerMedia spokesperson added, “As CEO of WarnerMedia and now CEO of AT&T, John Stankey has made it a habit to visit with talented employees throughout the company. That’s what good leaders do and is a common practice at well-run companies.”

HBO Max launched in May at a cost of $14.99 a month — the same as HBO — and an ambitious tagline: “Where HBO meets so much more.” It combines 31 new originals with library programming, including DC Comics content, from cable networks like CNN, TNT, Adult Swim, and the Warner Bros. studio. Stankey also licensed popular TV series including “South Park,” “The West Wing” and “The Bachelor.”

AT&T’s grand plan is to pair HBO Max with its wireless service — AT&T customers with premium plans already get HBO Max for free today. Wireless service has become a commodity in most markets, with AT&T, Verizon and T-Mobile all offering similar speeds and pricing plans. HBO Max is meant to help AT&T stand out from the pack and reduce churn while giving the wireless company viewership data for marketing and targeted advertising.

Since taking over, Kilar has accelerated Stankey’s burn-it-down strategy to boost HBO Max. As part of the restructuring, WarnerMedia has conducted several rounds of layoffs, including more than 1,000 employees in November. Kilar has even dismissed employees Stankey brought in, including Bob Greenblatt, who took over as chairman of WarnerMedia entertainment in March 2019.

He ended Conan O’Brien’s late night show on TBS and moved it over to HBO Max exclusively. He’s making the blockbuster Warner Bros. film “Wonder Woman 1984” available on HBO Max the same day it hits theaters on Dec. 25. This week, he announced every Warner Bros. movie slated for release in 2021, including “Dune,” “Matrix 4,” Lin-Manuel Miranda’s “In the Heights,” and “The Sopranos” prequel “The Many Saints of Newark,” will launch on HBO Max at the same time they’re released in theaters.

In an interview, Kilar told CNBC that killing the decades-old theatrical window, where movies got exclusive runs in theaters before coming to home video platforms, would make customers happy, even if it hurt the movie theater industry.

“The best way to find success in business, and certainly with the Internet, is to start with the customer,” Kilar said. “If we start our days and end our days focused on the customer, we’re going to lead the industry.”

Almost all of the executives who spoke to CNBC — including several still at WarnerMedia — felt the HBO Max experiment isn’t going particularly well so far. Only 8.6 million people have signed up to activate the service since it launched in May. Compare this to Disney, which has signed up 73.7 million people for Disney+ in less than a year.

“Jason’s belief is — wrongly — if any piece of content available anywhere other than HBO Max, it cheapens HBO Max,” said one recently departed executive. “Jason is forgoing billions in revenue by turning his back on licensing to preserve content for HBO.”
By pricing HBO Max the same as HBO, Stankey seemed to assume HBO users would simply switch to HBO Max over time. But the transition has been slow, as pay TV and streaming distributors — once HBO’s needed partners — have little incentive to market HBO Max to the millions of people who already get HBO.

“The risk here is that they end up pouring all of their Warner Bros. Studios content into HBO Max only for it to continue to be a premium service that serves only the top third of households,” said MoffettNathanson analyst Craig Moffett. “There’s a real risk that 1+1+1=1 here, and that all that will be left of Warner Media when they are finished is an HBO division that is more or less the same size as it was when they started.”

One problem is HBO Max has no tent-pole original series to jumpstart subscribers, like Disney+ has with “The Mandalorian.” That’s partly because, after the delay from the battle with the U.S. government, Stankey wanted to get the service out fast, according to people familiar with the matter. The coronavirus pandemic lockdowns in 2020 also delayed the creation and filming of new material.

The rushed launch has also affected distribution. WarnerMedia held out on a streaming distribution deal with Amazon for months to get friendlier terms and still hasn’t reached a deal with Roku. Kilar’s decision to release the 2021 Warner Bros. slate of movies on HBO Max concurrently with theater distribution could put more pressure on Roku to reach a deal. (Spokespeople at WarnerMedia and Roku declined to comment.)

Then there’s the confusing branding around HBO Max, which initially joined a plethora of similarly named services, including HBO, HBO Go, and HBO Now. Although WarnerMedia finally got around to retiring HBO Go and changing HBO Now to simply ‘HBO’ in June, several employees in charge of marketing and branding acknowledged the changes should have come much sooner, before HBO Max ever launched.

Kilar may also roll out separate streaming products, such as a CNN-related product and a free entertainment service featuring content from TNT and TBS, The Information reported.

There’s even been talk internally of changing the name of HBO Max — either internationally only or globally — once it rolls out worldwide in 2021, according to three people familiar with the matter. Executives have batted around several names with “Warner” as the title brand, rather than “HBO” — which makes even more sense if the service builds brand equity around having films the day they hit theaters. A WarnerMedia spokesperson said that a name change isn’t being actively considered at this time.

Passing on divestments

Elliott, which sold $150 million in AT&T shares at a loss last month, has pushed Stankey to divest assets. Still, CNBC has learned AT&T recently passed on a couple deals that could have brought in billions of dollars for the debt-laden company.

Just as Kilar was taking over WarnerMedia in May, DraftKings floated the idea of acquiring Bleacher Report from AT&T. The Bleacher Report executive team was privately hoping Stankey and the board would approve a deal, because it was clear AT&T’s focus would be on HBO Max, according to people familiar with the matter. But AT&T never seriously considered the sale, these people say. A DraftKings spokesman declined to comment. Since then, a number of high ranking Bleacher Report executives have left WarnerMedia, including CEO Howard Mittman.

Kilar also decided to keep Warner Brothers Interactive Entertainment, the company’s video gaming unit, after AT&T fielded bidders earlier this year.

“Any chart about gaming usage is up and to the right,” said Kilar. “It’s one of the most impressive trends in U.S. consumer behavior in the last 20 years. When we take a look at the next 5, 10 or 15 years with WarnerMedia, I’m very excited with the role gaming will play in our future.”

DirecTV dread

Most of the WarnerMedia executives CNBC spoke with for this story agreed that Stankey and Kilar’s bolder strategy makes more sense than Plepler’s more conservative alternative.

But many of the same executives, who still own a lot of AT&T stock, are scared that Time Warner’s path will mirror DirecTV’s.

In the years after acquiring DirecTV, Stankey eliminated most of the company’s top leaders, changed the satellite TV strategy to digital-first, and ended marketing campaigns touting the advantages of legacy technology.

The results have not been good.

AT&T ended the third quarter with about 17 million legacy TV subscribers (both DirecTV and U-Verse), down more than 16% from a year earlier. While all pay-TV distributors have lost customers in recent years, AT&T has lost the most — about 8 million video subscribers since early 2017. For comparison, Comcast has lost about 3 million residential video customers over the same period, dropping from 22.5 million to 19.2 million.

The digital product has been a non-starter. Last quarter, the company reported an anemic 683,000 customers for AT&T Now — the new name for DirecTV Now. That’s a drop of 40% from last year.

AT&T is currently in late-stage sale talks with private equity firms to sell a minority stake in the company’s pay-TV distribution business for a valuation that could be less than $15 billion, people familiar with the matter told CNBC.

Some of this decline may be a strategic choice. Stankey has purposefully steered AT&T’s business away from DirecTV, realizing that selling a bundle of linear channels — even digitally — isn’t the future of television. It’s possible DirecTV will serve as template of what not to do, even though Stankey has refused to call the DirecTV deal a mistake.

‘Culture eats strategy for breakfast’

Even if Stankey can learn from the strategic errors AT&T with DirecTV, many former executives feel the damage to HBO’s internal culture is irreparable.

HBO has churned out critically acclaimed material for nearly two decades. Series like “The Sopranos,” “Sex and the City,” and “Game of Thrones” are credited with sparking a new golden age of television and supplanting movies as the most prestigious form of video storytelling.

This run of success has convinced many of the world’s most popular and glorified creators to work at HBO.

“Culture eats strategy for breakfast,” Plepler would frequently say to co-workers, quoting legendary management consultant Peter Drucker, according to people familiar with the matter.

Some employees fear Stankey and Kilar don’t appreciate how long it took to build those relationships. Several noted that Kilar and his deputy Andy Forssell have technology backgrounds that don’t always mix with the established creative culture.

Kilar said any employees harboring that concern shouldn’t be worried.

“I don’t define culture,” Kilar said. “You’re talking about a culture that ultimately goes back 97 years.” (Warner Bros. was founded in 1923.) “That’s not going to change because a few individuals are no longer present. Culture is the decisions we make when no one else is looking. If you think that’s going away, you’re not giving enough credit to culture.”

Kilar has retained some key HBO executives from the past two decades, including Bloys, who is now in charge of HBO Max content. Meredith Gertler, a 16-year HBO veteran, is executive vice president of content strategy. Amy Gravitt, who joined HBO in 2004, heads up comedy programming. Nina Rosenstein remains an executive vice president of programming after more than two decades with the company.

But former executives point to Stankey’s push to add advertising to HBO Max, slated for the second quarter of 2021, as potentially ruinous, according to people familiar with the plans. Would brands have been comfortable associating with “Game of Thrones” beheadings or rape scenes in “The Sopranos”? HBO never wanted to find out and risk having to compromise its content to keep advertisers happy.

“If HBO stood for anything, it was making a product for the customer, not the advertiser,” said one former HBO executive. “It’s not as though John is unpleasant. He doesn’t throw stuff. He just knows much less about television than he thinks and won’t be debated.”

Both present and past employees are optimistic that Bloys and his team can keep churning out original programming hits for HBO Max. Bloys is moving beyond the classic HBO tropes and trying to turn series that revolve around DC Comics characters or reboots like “Gossip Girl” into hits.

Still, many of those people predict AT&T will eventually sell off WarnerMedia, either in pieces or together, because legacy media assets will continue to weigh on AT&T’s stock rather than help it. Several said AT&T’s board will ultimately balk at giving Kilar the money he needs to compete with Netflix, Amazon and Disney.

‘Why put the two companies together?’

The day after AT&T announced its deal for Time Warner in 2016, then-CEO Randall Stephenson appeared on CNBC to explain the deal’s logic.
watch now

“Why put the two companies together?” Stephenson said. “The world of distribution and content is converging, and we need to move fast, and if we want to do something truly unique, begin to curate content differently, begin to format content different for these mobile environments — this is all about mobility. Think DirecTV Now, the new product we’re bringing to market. What can you do with Time Warner content really fast and very uniquely for our customers? Can you begin to integrate social into that content? Can you give the capability to...I’m watching content, I want to clip it, I want to send it via social media to my friends. Can we iterate on that quickly, and can we give a unique experience to our customers?”

Whatever Stephenson was talking about in that answer, it hasn’t happened. There’s a sense — even among top executives still at the company — that AT&T’s WarnerMedia transformation is about making lemonade from assets in danger of becoming lemons.

But no one forced AT&T to buy Time Warner in the first place. The same can be said for DirecTV. Stephenson and Stankey made those decisions.

It will take at least a year or two more to judge HBO Max as a success or failure. In that time, WarnerMedia could develop a culture and a product that breed loyal employees and make the gripes of the old-timers seem petty and irrelevant.

To borrow a line from “The Sopranos,” ”‘Remember when’ is the lowest form of conversation.”

Then again, it’s concerning to hear the same anxieties from so many WarnerMedia executives. To use a different “Sopranos” line, “One thing you can never say is that you haven’t been told.”
https://www.cnbc.com/2020/12/04/att-...ide-story.html





Hollywood’s Obituary, the Sequel. Now Streaming.

In the 110-year history of the American film industry, never has so much upheaval arrived so quickly and on so many fronts.
Brooks Barnes

“Hollywood’s like Egypt: full of crumbled pyramids. It’ll never come back. It’ll just keep on crumbling until finally the wind blows the last studio prop across the sands.”

David O. Selznick, the golden era producer, made that glum proclamation in 1951. A new entertainment technology, TV, was emasculating cinema as a cultural force, and film studios had started to fossilize into bottom line-oriented businesses. As Selznick put it, Hollywood had been “grabbed by a little group of bookkeepers and turned into a junk industry.”

Since then, Hollywood has repeatedly written its own obituary. It died when interlopers like Gulf + Western Industries began buying studios in the 1960s. And again when “Star Wars” (1977) and “Superman” (1978) turned movies into toy advertisements. The 1980s (VCRs), the 1990s (the rise of media super-conglomerates), the 2000s (endless fantasy sequels) and the 2010s (Netflix, Netflix, Netflix) each brought new rounds of existential hand-wringing.

Underneath the tumult, however, the essence of the film industry remained intact. Hollywood continued to believe in itself. Sure, we churn out lowest common denominator junk, studio executives would concede over $40 salads at the Polo Lounge. It’s how we make our quarterly numbers. But we can still generate the occasional thunderclap, with ambitious films like “Get Out” and “1917” and “Black Panther” and “Once Upon a Time … in Hollywood” arriving on big screens and commanding the culture for months on end.

In one breath: All is lost! Big Tech is going to eat us alive.

In the next: Everyone still loves us. Just look at all those pinwheel-eyed fans buying tickets.

But the moment of crisis in which Hollywood now finds itself is different. In the 110-year history of the American film industry, never has so much upheaval arrived so fast and on so many fronts, leaving many writers, directors, studio executives, agents and other movie workers disoriented and demoralized — wandering in “complete darkness,” as one longtime female producer told me. These are melodramatic people by nature, but talk to enough of them and you will get the strong sense that their fear is real this time.

Have streaming, the coronavirus and other challenges combined to blow away — finally, unequivocally — the last remnants of Hollywood?

“The last nine months have shaken the movie business to its bones,” said Jason Blum, the powerhouse producer whose credits range from “The Purge” series to “BlacKkKlansman.”

The feel of a dismantled film set

Streaming, of course, has been disrupting the entertainment business for some time. Netflix started delivering movies and television shows via the internet in 2007. By 2017, Disney was trying to supercharge its own streaming ambitions by bidding for Rupert Murdoch’s 21st Century Fox, ultimately swallowing most of the company for $71.3 billion in an effort to expand its library of content and gain control of Hulu.

In recent months, however, the shift toward streaming has greatly accelerated. With more than half of the 5,477 theaters in the United States still closed, more than a dozen movies originally destined for big screens have been rerouted to streaming services or online rental platforms. Pixar’s latest adventure, “Soul,” will debut exclusively on Disney+ on Christmas Day. It will compete with “Wonder Woman 1984” (Warner Bros.), which will arrive in theaters and on HBO Max on Dec. 25, a crossing-the-Rubicon moment in the eyes of analysts.

Meantime, the owner of Regal Cinemas, the No. 2 multiplex chain in North America, just took on emergency debt to avoid insolvency. Trying to keep his own company afloat, Adam Aron, the chief executive of AMC Entertainment, the No. 1 chain, quoted Winston Churchill on his most recent earnings call. (“We shall fight on the beaches!”) And the National Association of Theater Owners has found itself begging for a federal bailout. Deprived of one, the trade group warned, “movie theaters across the country are at risk of going dark for good.”

Without appearing on big screens, are movies even movies? Wrestling with that question alone has pushed Hollywood into a full-blown identity crisis. But the film industry is simultaneously dealing with other challenges. Outrage over the killing of George Floyd by a police officer has forced the movie capital to confront its contribution to racism and inequity. Coronavirus-forced production shutdowns have idled tens of thousands of entertainment workers. The two biggest talent agencies, Creative Artists and William Morris Endeavor, have been hobbled by the shutdown, resulting in a diaspora of agents, some of whom are starting competing firms, a once-unthinkable realignment.

There has been an abrupt changing of the guard in Hollywood’s highest ranks, contributing to the sense of a power vacuum. Nine of the top 20 most powerful people in show business, as ranked a year ago by The Hollywood Reporter, have left their jobs for one reason or another (retirement, scandal, corporate guillotine). They include the No. 1 person, Robert A. Iger, who stepped down as Disney’s chief executive in February, and Ron Meyer (No. 11), whose 25-year Universal career ended in August amid a tawdry extortion plot.

Retrenchments at Warner Bros. have also bruised Hollywood’s psyche. Over the years, as other film studios were lobbed between owners (Universal), downsized (Paramount) or subsumed (20th Century Fox), “Warners” remained virtually untouched, emerging as an emblem of stability and spending. In recent months, however, the studio has been streamlined by an aggressive new owner, AT&T, resulting in the departure of a startling number of executives who had been there for decades. For now, Warner Bros. has 10 movies on its 2022 theatrical release schedule, according to the database IMDbPro. Last year, it released 18.

The black icing on the cake: The shutdown has stripped Hollywood of its internal culture, the otherworldly (some would say silly) rituals that have long served as a magnet for so many. It has been a year without red carpets. There have been no see-and-be-seen power lunches at Chateau Marmont. Zoom is the new awards ballroom.

In a recent phone conversation that felt more like a therapy session, one Warner Bros. executive told me that “the town” felt like a dismantled movie set: The gleaming false fronts had been hauled away to reveal mere mortals wandering around in a mess.

Or perhaps, he continued, speaking on the condition of anonymity to avoid conflict with his employer, the proper metaphor was a movie — perhaps “The Remains of the Day,” the 1993 drama starring Anthony Hopkins as an English butler. As Vincent Canby wrote in his New York Times review, the Merchant Ivory film was about “the last, worn-out gasps of a feudal system that was supposed to have vanished centuries before.”

‘Normal wasn’t good enough’

Not everyone in Hollywood is walking around in a stupor. Some people even seem energized, especially those who have spent their careers wielding jackhammers against the Hollywood status quo. Ava DuVernay, for instance, has been outspoken about the need for studios to remake themselves — to dramatically diversify their upper ranks, which are overwhelmingly white and male, and to prioritize storytelling from a kaleidoscope of voices. Her production company, ARRAY, uses “change is ours to make” as its slogan.

“I see this as a time of opportunity,” Ms. DuVernay told me. “Sometimes you have to take it down to the studs and build something new.”

She continued: “It’s not going to go back to the way it was, nor do we want it to. We want to move forward. I hear people saying that they can’t wait for Hollywood to get back to normal. Well, I really resist that. Normal wasn’t good enough. All of this change in such a short amount of time really lays bare how shaky the ground was to begin with.”

Ms. DuVernay, whose film and television credits include “Selma,” “Queen Sugar” and “When They See Us,” grew more pointed. “Some folks are scared, and I have sympathy,” she said. “But it’s mostly the folks who are clinging to the idea that Hollywood is theirs and it was built in their likeness, and they will do anything to cling to it, even if that means destroying it.”

She concluded by rolling her eyes at the Chicken Littles who fret that moviegoing is over.

“Talk about dramatic,” she said. “Theaters aren’t going anywhere, at least not all of them.”

In fact, multiplexes may get a post-pandemic bump. Because so many studios have pushed back their biggest movies, next summer’s theatrical release calendar looks like a blockbuster heaven: “Black Widow,” “Fast & Furious 9,” “The Conjuring: The Devil Made Me Do It,” “Ghostbusters: Afterlife,” “Minions: The Rise of Gru,” “Top Gun: Maverick,” Marvel’s “Shang-Chi and the Legend of the Ten Rings,” “Hotel Transylvania 4,” “Venom: Let There Be Carnage.” (To name a few.) With any luck, studio chiefs say, the newly vaccinated masses will come out in droves, in part because they won’t take the theatrical experience for granted anymore.

In Japan, where cinemas are fully operating again (the country’s response to the coronavirus has kept cases and deaths low), more than 3.4 million people turned out last month to see an animated movie, “Demon Slayer: Mugen Train,” on its opening weekend. One Tokyo theater scheduled a jaw-dropping 42 screenings in one day to meet demand.

Popcorn for everyone!

“There’s a reason that the Roaring Twenties followed the 1918 pandemic,” J.J. Abrams, the Bad Robot Productions chairman, said by phone. “We have a pent-up, desperate need to see each other — to socialize and have communal experiences. And there is nothing that I can think of that is more exciting than being in a theater with people you don’t know, who don’t necessarily like the same sports teams or pray to the same god or eat the same food. But you’re screaming together, laughing together, crying together. It’s a social necessity.”

Streaming services and theaters will settle into coexistence, he predicted.

“I think going to a theater is like going to church and watching a movie at home is like praying at home,” Mr. Abrams said. “It’s not that you can’t do it. But the experience is wholly different.”

Over? Hollywood? C’mon. “I’m working on and excited about and hopeful about a number of theatrical projects,” Mr. Abrams said.

His most recent film, “Star Wars: The Rise of Skywalker,” took in more than $1 billion at the global box office. It was one of nine movies to reach that threshold last year, with “Avengers: Endgame” collecting nearly $3 billion. All told, ticket sales stood at $42.2 billion, with weakness in North America ($11.4 billion) offset by an increase overseas ($30.8 billion).

The hoary tradition of exhibiting movies on big screens, which dates to the 1890s, may have vast challenges — not the least of which is a 78 percent plunge in domestic ticket sales for the year to date. But a business of its scale, as Mr. Abrams and others will tell you, does not vanish forever in the span of a few self-quarantining months.

‘People change their habits’

But what happens in 2022, once the thrill of mingling together has burned off, studios have worked through their blockbuster backlogs and streaming services are stronger than ever?

Will young people — trained during the pandemic to expect instant access to new movies like “Hamilton” and “Borat Subsequent Moviefilm” — get into the habit of going to the movies like their parents and grandparents did? Generation Z forms a crucial audience: About 33 percent of moviegoers in the United States and Canada last year were under the age of 24, according to the Motion Picture Association.

Most young people will have gone a full year without visiting a cinema by the time vaccines are expected to be widely deployed.

“Yes, there is pent-up demand to see movies in a theater,” said Peter Chernin, whose Hollywood career has spanned four decades. “But people change their habits.”

Mr. Chernin, who oversaw the release of theatrical megamovies like “Titanic” and “Avatar” while running Mr. Murdoch’s empire from 1996 to 2009, has already voted with his feet. Last year, he aligned his Chernin Entertainment with Netflix, where he has more than 70 movies in development. The films in which he specializes — high-quality dramas like “Hidden Figures” and “Ford v Ferrari” — are a dying breed in theaters. It’s too hard to make money when marketing campaigns start at $30 million.

But the audience has also shifted. Sorry, film snobs: Most people seem fine with watching these films in their living rooms (sometimes, shudder, on their smartphones).

“Cinema as an art form is not going to die,” said Michael Shamberg, the producing force behind films like “Erin Brockovich,” “The Big Chill” and, rather appropriately, “Contagion.” “But the tradition of cinema that we all grew up on, falling in love with movies in a theater, is over. Cinema needs to be redefined so that it doesn’t matter where you see it. A lot of people, sadly, don’t seem to be ready to admit that.”

In other words, the art may live on, but the myth of big screens as the be-all and end-all is being dismantled in a fundamental and perhaps irreversible manner. Because of the pandemic, the film academy has decided for the first time to allow streaming films to skip a theatrical release entirely and still remain eligible for the Academy Awards, nudging the Oscars closer to the Emmys. (The academy deemed the move “temporary,” but some people, including Ms. DuVernay, one of the organization’s 54 governors, think it will be hard to backtrack.)

Imagine what that means to Hollywood’s sense of self. Since always, the film industry has swaggered into every room it has ever entered — Spielberg on line one, Scorsese on line two. Nothing less than “ensuring film’s legacy as the great art form of our time” is one of the stated goals of the soon-to-open Academy Museum of Motion Pictures in Los Angeles.

Mr. Abrams, as much a television wunderkind as a movie one, described the difference between small screens and big ones by summarizing something he once heard on National Public Radio. Television, he explained, is the child and the audience is the parent. It’s smaller than you. You can control it by changing the channel. With movies, the roles are reversed. You are the small one. You’re supposed to look up at them.

Exactly how does that work in the streaming age?

No wonder Hollywood has been experiencing, as the trade newsletter The Ankler recently put it, “a heart attack wrapped inside a nervous breakdown.”

Next week, the Oscar race will kick into high gear with the wide release of David Fincher’s “Mank.” Set mostly in the 1930s and filmed in black and white, the film focuses on Hollywood’s romantic heyday — back when pictures were pictures — by telling a story about the creation of “Citizen Kane.” (The Australian actor Toby Leonard Moore plays David O. Selznick.)

Critics have been transported. “Time-machine splendor,” wrote Owen Gleiberman in Variety. “A tale of Old Hollywood that’s more steeped in Old Hollywood — its glamour and sleaze, its layer-cake hierarchies, its corruption and glory — than just about any movie you’ve seen.”

You can find “Mank” on Netflix.
https://www.nytimes.com/2020/11/28/b...streaming.html





Sean Parker OK’d to Buy Stake in Peter Jackson’s VFX Studio
Nick Perry

New Zealand authorities have approved tech billionaire Sean Parker’s purchase of a one-third stake in film director Peter Jackson’s visual effects studio.

Parker needed special permission from the Overseas Investment Office because he isn’t a New Zealand resident and the Weta Digital studio is worth more than 100 million New Zealand dollars ($71 million).

In a decision published on its website this week, the office said Parker and his business associates had the relevant experience and were “of good character.” It said Weta Digital was raising money to grow its business.

Parker, who co-founded the file-sharing service Napster and is a former president of Facebook, said in June there was a huge, unmet demand for high-quality animated content.

“I have been a Weta superfan for the past two decades — I recall my sense of wonder when I first saw the character of Gollum brought to life, and later the surreal feeling of being transported to the alternate reality of Pandora,” Parker said, referring to the work Weta did on Jackson’s “The Lord of the Rings” trilogy and James Cameron’s “Avatar.”

Parker’s representative said Wednesday he had no further comment on the purchase.

Weta employs about 1,550 people and is based in New Zealand’s capital, Wellington. Company records indicate Jackson and collaborators Fran Walsh and Philippa Boyens own just over two-thirds of the company. Weta will issue new shares for Parker, diluting Jackson’s stake.

Jackson could not be reached for comment.

In June, Weta appointed Parker’s business associate Prem Akkaraju as chief executive and said it would begin producing original content for the first time in its 25-year history.

In 2016, Parker and Akkaraju founded a video-on-demand startup called Screening Room, which this year relaunched as SR Labs.
https://apnews.com/article/peter-jac...0b532d41eddbdf





Your Smart TV is Probably Ignoring Your PiHole
LabZilla

If you’re using PiHole on your network to block ads and prevent your various smart devices from sending tracking information to their manufacturers, you might be surprised to find out that some of these devices are using a sneaky tactic to bypass your PiHole entirely.

Smart devices manufacturers often “hard-code” in a public DNS server, like Google’s 8.8.8.8, and their devices ignore whatever DNS server is assigned by your router - such as your PiHole.

Nearly 70% of smart TVs and 46% of game consoles were found to contain hardcoded DNS settings - allowing them to simply ignore your local network’s DNS server entirely. On average, Smart TVs generate an average of 60 megabytes of outgoing Internet traffic per day, all the while bypassing tools like PiHole.

Force all DNS queries through PiHole

Fortunately, with a few simple firewall rules, you can intercept these hardcoded DNS queries and redirect them to your PiHole. These instructions are for pfSense, however you should be able to adapt them for Sophos XG, Ubiquiti EdgeRouter, etc.

Create NAT Rules

Log in to your pfSense admin interface, and navigate to Firewall > NAT > Port Forward.

We’re going to create two Port Forward NAT rules - one to redirect any DNS queries originating from devices on the LAN to PiHole, and another to allow PiHole to commmunicate with external DNS servers. We will also create an additional outbound NAT rule that will make this process invisible to any clients on the network with hardcoded DNS.

NAT Rule 1: Redirect DNS queries to PiHole

Click the Add button to create your first new NAT Port Forward rule.

• Interface: LAN
• Protcol: TCP/UDP
• Source: LAN net (you may need to click the blue show advanced button to see this option)
• Destination - Invert match: Checked
• Destination - Type: Single host or alias
• Destination - Address/mask: Your PiHole’s IP address
• Destination Port Range - From: DNS
• Destination Port Range - To: DNS
• Redirect Target IP: Your PiHole’s IP address
• Redirect Target Port: DNS
• Description: Intercept any outgoing DNS queries and redirect them to PiHole.

NAT Rule 2: Exempt PiHole from DNS query redirects

Click the Add button to create your second new NAT Port Forward rule.

• No RDR (NOT): Checked
• Interface: LAN
• Protcol: TCP/UDP
• Source - Type: Single host or alias
• Source - Address/Mask: Your PiHole’s IP address
• Destination: Any
• Destination Port Range - From: DNS
• Destination Port Range - From: DNS
• Description: Allow PiHole to reach external DNS servers

Note: pfSense (and most other firewalls) process rules from top to bottom. Make sure you drag the second rule exempting PiHole from DNS query redirects above the first rule we created - otherwise PiHole will not be able to contact external DNS servers.

NAT Rule 3: Prevent clients from giving unexpected source errors

Finally, we need to create an outbound NAT rule. Navigate to Firewall > NAT > Outbound.

• Interface: LAN
• Address Family: IPv4+IPv6
• Protocol: any
• Source - Type: Network
• Source - Network for the outbound NAT mapping: Your internal LAN network
• Destination - Type: Network
• Destination - Network for the outbound NAT Mappings: Your PiHole’s IP Address
• Destination Port Range: 53
• Translation: Interface Address
• Description: Prevents hardcoded DNS clients from giving unexpected source error after DNS redirected to PiHole.

Test it out

You can easily test to make sure your DNS redirection is working properly.

1. Create a new, temporary internal DNS entry on your network (“piholetest.example.com”), and point it to 10.0.1.1. You can do this right from PiHole under Local DNS Records.
2. Manually set your computer’s DNS server to 1.1.1.1.
3. Open a terminal window (or command promt on Windows), and run nslookup piholetest.example.com

4. If you set this up correctly, nslookup should return 10.0.1.1. Your computer thinks it’s receiving DNS records from 1.1.1.1, while in reality they are coming from your PiHole.

macbookpro:~ labzilla$ nslookup piholetest.example.com
Server: 1.1.1.1
Address: 1.1.1.1#53

Name: piholetest.example.com
Address: 10.0.1.1

5. You can further demonstate this by temporarily disabling the first NAT rule we created, and running the same nslookup piholetest.example.com command:

macbookpro:~ labzilla$ nslookup piholetest.example.com
Server: 1.1.1.1
Address: 1.1.1.1#53

** server can't find piholetest.example.com: NXDOMAIN

As “piholetest.example.com” doesn’t exist on the public Internet, the real 1.1.1.1 server has no record to provide - resulting in your nslookup request returning a NXDOMAIN error.

Don’t forget to revert your computer’s DNS settings back to their original value, and reenable any firewall rules you temporary disabled while testing.
https://labzilla.io/blog/force-dns-pihole





TRON Blockchain Partners With Huawei to Roll Out BitTorrent File-Sharing App
Insider Monkey Staff

Blockchain company TRON, which owns BitTorrent, has struck a deal with Huawei to add the file-sharing app to the latter’s app store. Four variations of the BitTorrent app, including uTorrent and uTorrent Pro, have gained a place in Huawei’s AppGallery, its equivalent of Google’s (NASDAQ:GOOG) Play Store or Apple’s (NASDAQ:AAPL) App Store.

Huawei is the world’s largest telecom manufacturer, and the second largest smartphone maker after Samsung. As a result, the partnership is a major boost for TRON and BitTorrent, potentially placing its application in the hands of up to three billion users in 170 countries.

BitTorrent Extends Its Mobile Reach

BitTorrent is the world’s largest file-sharing network, and has been reinvigorated following its takeover and subsequent tokenization by TRON. Led by the ebullient Justin Sun, who is also the CEO of BitTorrent, TRON is a blockchain ecosystem focused on delivering entertainment to consumers in all its forms, from live-streaming to micro-blogging. It’s achieved this through a series of acquisitions and takeovers, including BitTorrent, video platform dLive, and Steemit.

Android users who own Huawei devices will now be able to access BitTorrent directly from the built-in app store and utilize its torrenting capabilities. From the perspective of BitTorrent, the integration will help to grow its user base of 100 million. From the perspective of TRON, it’s another step towards placing crypto-powered applications in the hands of billions. Huawei’s 5G phones have proved a hit in the firm’s native China and across the Asian market, where they enjoy the sort of dominance comparable with that of the iPhone in the West.

TRON Ecosystem Expands

The Huawei deal isn’t the first of this kind to have been struck by TRON; earlier this year it partnered with Samsung, bringing several of its decentralized apps (dApps) into the South Korean manufacturer’s Galaxy Store. A TRON wallet was also incorporated. In the eyes of Justin Sun, though, the Huawei deal is bigger still.

“This is another huge milestone for TRON and BitTorrent to be listed by one of the largest Android manufacturers in the world,” said the TRON founder. “We are excited to see the blossoming universe of distributed networks grow via Huawei devices and technology.”

While most of the users installing the BitTorrent app on Android will be concerned with its ability to support high speed downloads, the underlying blockchain infrastructure is a core component. This takes the form of BitTorrent File System, which enables developers of TRON applications to access distributed storage, ensuring that the dApps they release are truly decentralized.

Advocates of web3 technology believe that the internet of the future will be self-sovereign and distributed. In other words, individuals will be responsible for storing and accessing their data, rather than entrusting it to centralized tech giants. If this model comes to pass, it will be reliant upon networks such as BTFS and Bluzelle to provision distributed storage cheaply and at scale.

Disclosure: This Op-Ed is written by Reuben Jackson. Insider Monkey News Department isn't involved in the production of this article.
https://finance.yahoo.com/news/tron-...164708146.html





U.S. Broadband Speeds Jumped 90% in 2020. But No, It Had Nothing To Do With Killing Net Neutrality.
Karl Bode

Last last week, a report out of the UK topped the trending news items at Hacker News. The report found that U.S. broadband speeds -- historically the poster child for mediocrity -- jumped roughly 90% during the COVID-19 lockdowns. The improvements weren't consistent geographically, and the report was quick to note that by and large, the U.S. remains relatively mediocre when it comes to broadband speeds (in large part due to limited competition):

"The US stills lags behind many European and developed nations worldwide, and its major cities also often lag behind their European equivalents. That said, there is cause for celebration in Dallas, Seattle and Austin, after our analysis has shown that these cities are performing extremely well relative to most European capital cities."

I spoke briefly to study author Thomas Buck after he reached out to note that folks were misinterpreting his study. Yes, the study shows U.S. broadband speeds jumped 90% in 2020. But Buck also notes this likely isn't because of policy decisions at the FCC, or because ISPs did much of anything differently. It's most likely because when consumers were forced to stay home to work and attend school during COVID lockdown, they were simply willing to pay more money for already available, faster speeds because they realized faster broadband was essential. Buck put it this way:

"... the findings are more likely to suggest increased consumer spending on high-speed plans for working from home than anything else...speed test data is fascinating and helpful, but using it as proof that net neutrality was bad is a giant stretch by any means. When looking at broadband data, I think it’s more important to discuss the dark spots (subscriber data, full capacity testing at scale, same-year fiber build data) than what we have (hundreds of thousands of speed tests, most of them showing results a fraction of what ISPs advertise)."

Yet a number of folks (including commenters at Hacker News) set to work trying to claim that this sudden boost in speed was courtesy of the FCC's decision to kill net neutrality and effectively self-immolate at telecom lobbyist behest. It's part of a fairly relentless attempt to proclaim that because killing net neutrality didn't immediately result in a rainbow-colored explosion, the repeal itself must have somehow been a good thing.

For example, this entire thread from a Federalist contributor takes the study and creates an elaborate alternate reality where critics of the net neutrality repeal must have been wrong, because (you guessed it) the internet didn't immediately come to a stop:

Three years ago, America was locked in a battle for #NetNeutrality, and, by extension, life as we knew it.

For the lucky few who survived, I invite you to join me on a quick stroll down memory lane to revisit the doom and gloom we were promised. https://t.co/wdQC8GRktj

— Drew Holden (@DrewHolden360) November 25, 2020


Yes, many activists and supporters of net neutrality were hyperbolic in trying to explain the very real, very negative impact the net neutrality repeal would have over the longer term. That doesn't mean it wasn't a terrible idea done in exclusive service to telecom monopolies.

Once again, killing net neutrality didn't just kill fairly modest net neutrality rules. It left the FCC incapable of holding giant ISPs accountable for fraud, anti-competitive behavior, predatory billing, bogus fees, privacy violations, and all the other symptoms of a broken, uncompetitive, and highly geographically monopolized U.S. telecom market. If you think that's a good thing (especially during a massive economic and public health crisis that has shown broadband to be an essential lifeline), you either don't understand how any of this works, or are being intentionally misleading.

Speaking of misleading, the study also appears to have popped up in FCC Commissioner Brendan Carr's goodbye letter to Ajit Pai (pdf), in which he attributes the speed jump to Pai's incredible leadership:

"With Internet speeds more than doubling under his leadership, America is now home to the strongest 5G platform in the world."

That is, if you're playing along at home, not true. 83 million Americans live under a broadband monopoly. Tens of millions more live under a broadband duopoly. Americans pay some of the highest prices in the world for what's routinely patchy service, mediocre speeds, and terrible customer service. And U.S. 5G speeds also provably and dramatically lag behind most other developed nations as well. There's a reason for this: it's called regulatory capture and mindless pandering to powerful telecom monopolies. Resulting in the FCC effectively dismantling itself because Comcast and AT&T told it to.

Again, if you genuinely think having chickenshit regulators commit seppuku because some widely despised telecom monopolists told them to is a good thing, you're either very confused as to how absolutely any of this works, or you're being intentionally misleading. Possibly both.
https://www.techdirt.com/articles/20...utrality.shtml





Google Fiber 2 Gig Service Goes Live as US Internet Gulf Widens
Chris Davies

Google Fiber has switched on its fastest service ever, with 2 Gig downloads promising double the speed of the ISP’s already-potent connection. A work-in-progress since Google’s internet provider arm announced it would be testing 2 Gig back in August, the good news is that it’s not extortionately priced. The bad news, though, is that availability is very limited.

Google Fiber is already limited in where, exactly, you can sign up. Currently there are fewer than twenty cities where the service has a presence, predominantly in California – including tech-hubs San Francisco and Oakland, as you’d expect – though also locations in Florida, Colorado, Washington, and others.

Google Fiber 2 Gig, though, will be even more exclusive than that. Just two cities will offer it, Huntsville and Nashville, alongside the regular 1 Gig connection. That stays at $70 per month, while 2 Gig service will be $100 per month.

Since that’s a download pace that’s more than many consumer modems and routers can actually handle, the ISP will be providing 2 Gig customers with its special Google Fiber Multi-Gig Router. That has a tri-band Mesh Extender for covering more of the house, along with WiFi 6 support.

Google Fiber hasn’t said when – or indeed if – it plans to spread the second speed tier across its other locations. However there’s a possibility that, even without broad availability, you might be able to get in as a beta tester. The company’s Trusted Tester Program is free to sign up to, with the potential to try out new features and services – like a speed boost – when the ISP needs user feedback.

Internet connection speeds have become a thorny topic this year, as the number of people working from home, studying remotely, or switching to home-schooling altogether has increased dramatically during the pandemic. In the process, it has highlighted just how much the typical ISP connection can vary in speed, depending on where you live.

A recent report from SatelliteInternet, for example, found that some rural areas in the US topped out at as little as 4.2 Mbps on average for their download speeds. Other rural locations have been much better provided for, with speeds in excess of 100 Mbps. That’s still a far cry from the sort of pace those with a cutting-edge fiber connection can expect.

There’s also a disparity in price, too, with that varying considerably by geography. Research by HighSpeedInternet ranked how much different states pay, on average, per megabit of internet connection. At the one extreme, some areas pay under a dollar per Mb; other states pay more than $7 per Mb, in contrast.

To bypass the expense of rolling out new fiber optic or other cabling, some operators are looking to wireless options. SpaceX’s Starlink, for example, is currently in beta with its satellite internet service, installing a constellation of low-orbit satellites to beam connectivity back to the ground. Other carriers, meanwhile, are using more terrestrial options, such as LTE and 5G to fill in gaps in coverage for underserved areas.
https://www.slashgear.com/google-fib...dens-04649808/





FCC Chairman Ajit Pai Out, Net Neutrality Back In

Opinion: As expected, Trump appointee Ajit Pai, who destroyed net neutrality, is leaving office. He leaves behind a legacy of higher internet prices and broken net neutrality. Things can only get better for the internet from here.
Steven J. Vaughan-Nichols

Federal Communications Commission (FCC) Chairman Ajit Pai said he plans to leave the commission on Jan. 20, 2021. This opens the door to President-elect Joe Biden to select a new head of the telecommunications regulator. While best known for wrecking network neutrality, in his resignation letter Pai largely ignored that issue. His only comment relating to it was "this FCC has not shied away from making tough choices. As a result, our nation's communications networks are now faster, stronger, and more widely deployed than ever before."

Few would agree with his rosy view. While according to the FCC's 2020 Broadband Deployment Report, only 22.3%, 21.3 million rural Americans, don't have access to internet download speeds of at least 25 Mbps, which is the recommended speed for working from home and online schooling, the real numbers are much worse. BroadbandNow Research using the FCC's own data found almost twice that number, 42 million, don't have broadband access.

This, in turn, as the coronavirus pandemic has made working from home the new normal, has made rural areas even more unattractive. In a recent SatelliteInternet survey, 36% of respondents said poor internet access is preventing them from moving to rural areas, while 67% said the internet availability in an area would affect their decision to move somewhere rural.

As for net neutrality, as predicted, ISP costs to users have gone up while performance remains stagnant. The New America centrist think tank found in its 2020 Cost of Connectivity survey, which was completed before the work from home movement picked up speed, that prices have continued to spiral upward.

The group also found that cost remains one of the biggest barriers to internet adoption. Cable.co.uk reported that US users pay $50 per month on average for the internet. And, thanks to a "lack of competition in the marketplace… Americans pay far more than they should compared to much of the rest of the world." I'm sure you're surprised.

New America also noted, the lack of choice between ISPs -- not just between urban and rural communities, but also between households that can afford a home internet connection and those that cannot -- are turning us into a country of internet haves and have nots.

Jonathan Schwantes', privacy and technology policy director for Consumers Union, the advocacy division of Consumer Reports, prediction has come true: "Internet providers are now free to move forward on the anti-competitive practices they were flirting with before these rules were passed, including throttling content and paid-prioritization schemes that place smaller businesses at a disadvantage and ultimately cost consumers more."

For example, data-cap programs for fixed ISPs are now becoming commonplace. Comcast, for example, will now put a 1.2TB monthly data cap on all its customers in early 2021. That may sound like a lot, but when everyone's working, studying, and playing at home, it's not that much.

Comcast isn't the only one. AT&T's millions of DSL subscribers also now must deal with monthly data caps. AT&T intends to kill off its legacy DSL business. This will leave millions of rural users with no broadband at all. Good job, Pai!

Charter/Spectrum, while denying that they'll ask for data caps, has asked the FCC to enable them to place caps starting in May 2021. Currently, Charter as part of its acquisition of Time Warner Cable, isn't allowed to place data caps.

Also as Schwantes predicted, major ISPs are using zero-rating to make their own media streaming services look good, while slowing down the competition. In zero-rating, an ISP lets you stream its streaming service for free while restricting alternatives.

For example, AT&T gives its customers' zero-rating on A&T TV Now, while if you wanted to watch Sling TV instead, your usage would count against your data cap. Evidence strongly suggests major ISPs, such as AT&T, Verizon, Sprint, and T-Mobile are slowing down traffic from popular video streaming services such as Netflix, YouTube, and Amazon Prime.

It's not just net neutrality where Pai has done the country wrong. Under defeated President Donald Trump, Pai has also sought to turn the FCC into what the Electronic Frontier Foundation (EFF) calls the free speech police. Trump's most recent would-be FCC appointment, Nathan Simington, is one of the legal architects behind his recent executive order seeking to strike down Section 230, the most important law protecting online free speech.

Before Pai leaves, he'll have one final issue to address. The FCC at its December 10th meeting will consider a "rip-and-replace" order. If passed, this would require all telecoms to remove Huawei and ZTE equipment from their networks on the grounds their hardware represents national security threats.

Who will Biden appoint in his place? Sources close to Biden's transition team say, Mignon Clyburn, a former FCC member under Obama, and Jessica Rosenworcel, a present member, are under consideration for the FCC Chairperson's spot. Both are strong net neutrality supporters.

Under Biden and a new FCC chair, net neutrality will return and both consumer and business users will get better, more fairly priced, and more broadly distributed internet. In these days when we need fast internet from the smallest home to the largest business, net neutrality is more important than ever.
https://www.zdnet.com/article/fcc-ch...ality-back-in/





For Big Tech, Biden Brings a New Era but No Ease in Scrutiny
Marcy Gordon

The Obama-Biden administration was a charmed era for America’s tech companies — a moment when they were lionized as innovators, hailed as job creators and largely left alone.

Now Joe Biden is coming back, this time as president. But times have changed. The halcyon days of an adoring Washington are unlikely to return when Biden takes the oath of office in January, with mounting legislative and regulatory challenges to the industry — including stronger enforcement of antitrust laws — nearly certain to outlast the tenure of President Donald Trump.

“The techlash is in full force,” said Eric Goldman, a law professor at Santa Clara University and co-director of its High Tech Law Institute.

In the years since Barack Obama and Biden left the White House, the tech industry’s political fortunes have flipped. Facebook, Google, Amazon and Apple have come under scrutiny from Congress, federal regulators, state attorneys general and European authorities. Twitter has found itself in frequent run-ins with lawmakers over its policies for moderating content on its platform. And companies have seen their political support in Congress erode.

Lawmakers on both sides of the aisle champion stronger oversight of the industry, arguing its massive market power is out of control, crushing smaller competitors and endangering consumers’ privacy. They say the companies hide behind a legal shield to allow false information to flourish on their social media networks or to entrench bias.

In steps Biden, who may aim to take a bite out of the dominance of Big Tech and may welcome an opportunity to work with the opposing side to curb the power of a common adversary.

As a presidential contender, Biden said the breakup of big tech companies should be considered. Dismantling the tech giants is “something we should take a really hard look at,” he told The Associated Press in an interview. He said he wants to see quickly crimped the social media companies’ long-held legal protections for speech on their platforms. And he singled out Facebook CEO Mark Zuckerberg for scorn, calling him “a real problem.”

The Biden administration is also expected to press forward with the Trump Justice Department’s new antitrust lawsuit against Google, though its shape likely could be changed.

But if Biden decides to pursue major legislation to overhaul the laws governing tech competition, he’ll have to navigate a tricky congressional and political landscape.

Democratic lawmakers in the House, after a sweeping investigation by a Judiciary Committee panel, called last month for Congress to rein in Big Tech, possibly forcing the giants to break up their businesses while making it harder for them to acquire others and imposing new rules to safeguard competition.

Those kinds of mandated breakups through a legislative overhaul would be a radical step for Congress to take and could be a bridge too far for most Republicans.

Though it hasn’t been settled, Biden faces the possibility of becoming the first Democrat in modern history to take office without his party controlling Congress. Republicans would retain control of the Senate by winning one of two runoff elections in Georgia in January. Democrats have already won the House.

Republican control of the Senate would force Biden to curb his ambitions and pursue a different legislative agenda, one rooted in bipartisanship. Legislation on the tech industry could be one area of possible agreement.

“Biden’s strength as a senator was exactly trying to broker those kinds of deals,” noted Santa Clara University’s Goldman.

But what may emerge in the end is a heavy reliance on executive power through more vigorous enforcement of existing antitrust laws, said Jerry Ellig, a former government official and professor at George Washington University’s Regulatory Studies Center. Republican lawmakers are likely to hang together in opposing fundamental changes to the tech industry, which also could affect smaller companies, while Democrats could be pulled in different directions.

The Justice Department’s landmark suit last month accused Google of abusing its dominance in online search and advertising to boost profits — the government’s most significant attempt to protect competition since its groundbreaking case against Microsoft over 20 years ago.

Then there’s the issue of legal protection for speech on the social media platforms of Facebook, Twitter and Google: another area of agreement between the two parties, though for different reasons.

Momentum has built in Congress toward curbing some of the bedrock protections that have generally shielded the companies from legal responsibility for what people post on their platforms. Republicans accuse the companies of anti-conservative bias that erases those viewpoints on social media while allowing what they describe as extreme leftist and anti-American rhetoric to thrive.

Democrats’ concern focuses on hate speech and conspiracy theories that have sometimes incited physical violence and on the amplification on tech platforms of falsehoods from Trump — most notably allegations of fraud in ballot counting in the recent election.

The social media companies’ CEOs rebuffed accusations of anti-conservative bias at a Senate hearing last month and promised to aggressively defend their platforms from being used to sow chaos in the Nov. 3 election.

Critics in both political parties say the immunity under Section 230 of a 1996 telecoms law enables the social media companies to abdicate their responsibility to impartially moderate content.

Biden has said that Section 230 “immediately should be revoked.”

Given the landscape in Congress and the factions of views on material seen by nearly everyone on the planet, quick action may be difficult.

If consensus legislation does emerge, suggests George Washington’s Ellig, “They’ll make it vague enough so everyone can claim victory.”
https://apnews.com/article/donald-tr...8ce5472cdb6e26





Running in Circles Uncovering the Clients of Cyberespionage Firm Circles
Bill Marczak, John Scott-Railton, Siddharth Prakash Rao1, Siena Anstis, and Ron Deibert

December 1, 2020

Summary & Key Findings

• Circles is a surveillance firm that reportedly exploits weaknesses in the global mobile phone system to snoop on calls, texts, and the location of phones around the globe. Circles is affiliated with NSO Group, which develops the oft-abused Pegasus spyware.
• Circles, whose products work without hacking the phone itself, says they sell only to nation-states. According to leaked documents, Circles customers can purchase a system that they connect to their local telecommunications companies’ infrastructure, or can use a separate system called the “Circles Cloud,” which interconnects with telecommunications companies around the world.
• According to the U.S. Department of Homeland Security, all U.S. wireless networks are vulnerable to the types of weaknesses reportedly exploited by Circles. A majority of networks around the globe are similarly vulnerable.
• Using Internet scanning, we found a unique signature associated with the hostnames of Check Point firewalls used in Circles deployments. This scanning enabled us to identify Circles deployments in at least 25 countries.
• We determine that the governments of the following countries are likely Circles customers: Australia, Belgium, Botswana, Chile, Denmark, Ecuador, El Salvador, Estonia, Equatorial Guinea, Guatemala, Honduras, Indonesia, Israel, Kenya, Malaysia, Mexico, Morocco, Nigeria, Peru, Serbia, Thailand, the United Arab Emirates (UAE), Vietnam, Zambia, and Zimbabwe.
• Some of the specific government branches we identify with varying degrees of confidence as being Circles customers have a history of leveraging digital technology for human rights abuses. In a few specific cases, we were able to attribute the deployment to a particular customer, such as the Security Operations Command (ISOC) of the Royal Thai Army, which has allegedly tortured detainees.

1. Background

The public discussion around surveillance and tracking largely focuses on well known technical means, such as targeted hacking and network interception. However, other forms of surveillance are regularly and extensively used by governments and third parties to engage in cross-border surveillance and monitoring.

One of the widest-used—but least appreciated—is the leveraging of weaknesses in the global mobile telecommunications infrastructure to monitor and intercept phone calls and traffic.

While well-resourced governments have long had the ability to conduct such activity, in recent years companies have emerged to sell these capabilities. For example, the Guardian reported in March 2020 that Saudi Arabia appeared to be “exploiting weaknesses in the global mobile telecommunications network to track citizens as they travel around the US.” Other investigative reports indicated that journalists, dissidents, and opposition politicians in Nigeria and Guatemala were similarly targeted.

Abuse of the global telephone system for tracking and monitoring is believed to be widespread, however it is difficult to investigate. When a device is tracked—or messages intercepted—there are not necessarily any traces on the target’s device for researchers or investigators to find. Meanwhile, cellular carriers have many technical difficulties identifying and blocking abuses of their infrastructure.

SS7 Attacks

Signaling System 7 (SS7) is a protocol suite developed in 1975 for exchanging information and routing phone calls between different wireline telecommunications companies. At the time of SS7’s development, the global phone network consisted of a small club of monopolistic telecommunications operators. Because these companies generally trusted each other, SS7 designers saw no pressing need to include authentication or access control. However, the advent of telecommunications deregulation and mobile technology soon began to challenge the assumption of trust. Even so, SS7 endured, thanks to a desire to maintain interoperability with older equipment.

Because of SS7’s lack of authentication, any attacker that interconnects with the SS7 network (such as an intelligence agency, a cybercriminal purchasing SS7 access, or a surveillance firm running a fake phone company) can send commands to a subscriber’s “home network” falsely indicating that the subscriber is roaming. These commands allow the attacker to track the victim’s location, and intercept voice calls and SMS text messages. Such capabilities could also be used to intercept codes used for two-factor authentication sent via SMS. It is challenging and expensive for telecommunications operators to distinguish malicious traffic from benign behavior, making these attacks tricky to block.

Today, SS7 is predominantly used in 2G and 3G mobile networks (4G networks use the newer Diameter protocol). One of SS7’s key functions in these networks is handling roaming, where a subscriber to a “home network” can connect to a different “visited network,” such as when traveling internationally. In this situation, SS7 is used to handle forwarding of phone calls and SMS text messages to the “visited network.” Although 4G’s Diameter protocol includes features for authentication and access control, these are optional. Additionally, the need for Diameter networks to interconnect with SS7 networks also introduces security issues. There is widespread concern that 5G technology and other advances will inherit the risks of these older systems.

Circles

While companies selling exploitation of the global cellular system tend to operate in secrecy, one company has emerged as a known player: Circles. The company was reportedly founded in 2008, acquired in 2014 by Francisco Partners, and then merged with NSO Group. Circles is known for selling systems to exploit SS7 vulnerabilities, and claims to sell this technology exclusively to nation-states.

Unlike NSO Group’s Pegasus spyware, the SS7 mechanism by which Circles’ product reportedly operates does not have an obvious signature on a target’s phone, such as the telltale targeting SMS bearing a malicious link that is sometimes present on a phone targeted with Pegasus.

Most investigation of Circles has relied on inside sources and open source intelligence, rather than technical analysis. For example, a 2016 investigation by Nigerian newspaper Premium Times reported that two state governors in Nigeria acquired Circles systems and used them to spy on political opponents. In one case, the system was installed at the residence of a governor. Our scanning found two Circles systems in Nigeria (Section 4).

Documents filed as part of a lawsuit against NSO Group in Israel purport to show emails exchanged between Circles and several customers in the UAE. Most famously, the documents show Circles sending targets’ locations and phone records (Call Detail Records or CDRs) to the UAE Supreme Council on National Security (SCNS), apparently as part of a product demonstration. The emails also indicate that intercepting phone calls of a foreign target has a higher chance of success when the target is roaming.

Figure 1: The logo of Circles.

The same documents explain some facets of how the Circles system operated. The SCNS was set to receive two separate systems: a standalone system that could be used for local interceptions and a separate system connected to the “Circles Cloud” (an entity with roaming agreements around the world) that could be used for interceptions outside of the UAE if desired.

Circles System Component Function
Offline, on-premises deployment Within-country targeting
Circles Cloud Global targeting & interception

In 2015, IntelligenceOnline suggested that Circles started a bogus phone company called “Circles Bulgaria” to facilitate interceptions around the world. More recently, a 2020 report by Forensic News raised questions as to the true business of FloLive, purportedly an “IoT connectivity” company. Forensic News found that FloLive appeared to be closely associated with Circles, and suggested that the company might be a “front for the hackers and private spies behind Circles.”

There is also limited information about how the Circles system integrates with NSO Group’s flagship Pegasus spyware, though a former NSO Group employee told Motherboard that Pegasus had an “awful integration with Circles,” and that Circles had “exaggerated their system’s abilities.”

2. Fingerprinting & Scanning for Circles

While searching Shodan, we observed interesting results in AS200068, a block of IP addresses registered to Circles Bulgaria (Figure 2). These results show hostnames of firewalls manufactured by Check Point, as well as the hostnames of the firewalls’ SmartCenter instance. SmartCenter can be used to centrally manage multiple Check Point firewalls.

Figure 2: Shodan probe results for Check Point firewalls in AS200068 (Circles Bulgaria Ltd).

The SmartCenter hostnames in the Circles-registered AS200068 contain the domain name tracksystem.info. It seems clear that tracksystem.info is associated with Circles, as leaked documents show Circles employees communicating from @tracksystem.info email addresses. Additionally, per RiskIQ, 17 of the 37 IP addresses pointed to by tracksystem.info or its subdomains are in AS200068 as well as AS60097, also registered to Circles Bulgaria.

We searched for Check Point firewalls whose SmartCenter hostname contained tracksystem.info on Shodan, Censys, Fofa, and on Rapid7’s historical sonar-ssl dataset. We also searched for IPs that returned peculiar “random” TLS certificates matching the following regular expression, as we saw these certificates returned by Check Point firewalls with tracksystem.info in their SmartCenter hostnames:
/^C=[a-zA-Z0-9]{2}, ST=[a-zA-Z0-9]{3}, L=[a-zA-Z0-9]{3}, O=[a-zA-Z0-9]{4}, OU=[a-zA-Z0-9]{5}, CN=localhost$/

Overall, we identified 252 IP addresses in 50 ASNs matching our fingerprints. Many had a “Firewall Host” field seemingly indicating that the systems were client systems, e.g., client-circles-thailand-nsb-node-2, though some used the word telco in place of client, and some had a generic name rather than a client name, e.g., cf-00-182-1. In cases where we identified Circles’ Check Point firewalls on a Transit/Access ISP (i.e., a non-datacenter ISP), we assumed that some agency of that country’s government was a customer of Circles.

Some of the clients that we identified have two-word nicknames, where the first word is a car brand that almost always shares the same first letter as the country or state of the apparent customer. For example, Circles firewalls whose IPs geolocate to Mexico are named “Mercedes,” those that geolocate to Thailand are named “Toyota,” those that geolocate to Abu Dhabi are named “Aston,” and those that geolocate to Dubai are named “Dutton.”

The use of car brands to refer to clients was first reported by Haaretz, though the report indicated that this was an NSO Group practice, as opposed to Circles. Haaretz reported the following codenames: Saudi Arabia is “Subaru,” Bahrain is “BMW,” and Jordan is “Jaguar.” Our scans did not reveal any Check Point firewalls linked to Circles with the names Subaru or Jaguar, though we did identify firewalls with the name “BMW” located in Belgium.

3. A Global List of Circles Deployments

From the 252 IP addresses we detected in 50 ASNs, we identified 25 governments that are likely to be Circles customers. We also identified 17 specific government branches that appear to be Circles customers, based on WHOIS, passive DNS, and historical scanning data from Check Point firewall IPs or their neighbours.

Australia, Belgium, Botswana (Directorate of Intelligence and Security Services), Chile (Investigations Police), Denmark (Army Command), Ecuador, El Salvador, Estonia, Equatorial Guinea, Guatemala (General Directorate of Civil Intelligence), Honduras (National Directorate of Investigation and Intelligence), Indonesia, Israel, Kenya, Malaysia, Mexico (Mexican Navy; State of Durango), Morocco (Ministry of Interior), Nigeria (Defence Intelligence Agency), Peru (National Intelligence Directorate), Serbia (Security Information Agency), Thailand (Internal Security Operations Command; Military Intelligence Battalion; Narcotics Suppression Bureau), the United Arab Emirates (Supreme Council on National Security; Dubai Government; Royal Group), Vietnam, Zambia, and Zimbabwe.

While our analysis yielded country results with high confidence, our efforts to determine the customer identity have, in some cases, a lower degree of confidence.

Figure 3: Countries that appear to have at least one Circles client.

We also found evidence of at least four systems that we were unable to connect to a particular country (Appendix A).

4. Spotlight on Concerning Circles Deployments

Our research identified deployments in 25 countries. In several cases, we were able to go further and identify technical elements pointing to a particular government customer with varying degrees of certainty. Troublingly, in a number of these cases, the government as a whole, or the government client in particular, have a history of misuse of surveillance technologies and human rights abuses. While several cases are highlighted here, Appendix A lists the additional deployments found by our fingerprinting.
Botswana

We identified two Circles systems in Botswana: an unnamed system and a system named Bentley Bullevard that appears to be operated by Botswana’s Directorate of Intelligence and Security Service (DISS), as TLS certificates used on the Check Point firewalls were signed by a self-signed TLS certificate for “CN=sid.org.bw” which is a domain name used by the Directorate of Intelligence and Security. The DISS is sometimes referred to as the “Directorate of Intelligence and Security” (DIS).

Client Name Possible Identity Dates Active Firewall IPs
Bentley Bullevard Directorate of Intelligence and Security Service (DISS) 2015/6/1 – Present 129.205.243.1 – 3

129.205.243.60 – 62

41.79.138.17 – 19
2015/6/1 – 2020/9/10 168.167.45.100 – 102

Surveillance Abuses in Botswana

There are multiple recent reports of the abuse of surveillance equipment in Botswana to suppress reporting and public awareness of governmental corruption. In 2014, it was reported that the DISS participated in using surveillance and jamming technology developed by Elbit Systems to conduct “electronic warfare” against the media. In addition, the DISS has reportedly engaged in attempts to compromise the privacy of relationships between sources and reporters.

Chile

Our scanning identified what appeared to be a single Circles system in Chile, codename Cadillac Polaris. The system appears to be operated by the Investigations Police of Chile (PDI), as the Check Point firewalls identify the client as “Chile PDI.” The PDI is Chile’s main law enforcement agency. The Chile PDI was also a customer of Hacking Team’s Remote Control System (RCS) spyware, although they claimed that the spyware was only used for prosecuting crimes with prior judicial authorization.

Client Name Possible Identity Dates Active Firewall IPs
Cadillac Polaris Investigations Police of Chile (PDI) 2015/9/12 – Present 186.103.207.10 – 12

Surveillance Abuses in Chile

Between 2017 and 2018, Chile’s other major national police agency, the Carabineros, reportedly illegally intercepted the calls, WhatsApp chats, and Telegram messages of multiple journalists. Chilean police also intercepted the communications of Indigenous Mapuche leaders and cited intercepted chats to justify the arrests. However, officials were later prosecuted for planting false evidence on the leaders’ phones.

Guatemala

We identified a single Circles system in Guatemala, Ginetta Galileo. The system appears to have been operated by the General Directorate of Civil Intelligence (DIGICI), as public WHOIS information records that the firewall IPs are registered to “Dirección General de Inteligencia Civil.”

Client Name Possible Identity Seen in Scan Firewall IPs
Ginetta Galileo General Directorate of Civil Intelligence (DIGICI) 2015/6/1 – 2016/5/2 190.111.27.165 – 167
Surveillance Abuses in Guatemala

A 2018 investigation by Guatemalan newspaper Nuestro Diario found that an Israeli arms dealer sold a variety of spy tools, including NSO Group’s Pegasus spyware and a Circles system, to a secret unit within DIGICI. The unit reportedly used the equipment to conduct illegal surveillance against journalists, businesspeople, and political opponents of the government. The surveillance arose amidst extreme physical threat to members of civil society. A recent report identified over 900 attacks between 2017-2018 in Guatemala, originating from both government and non-state actors.

Mexico

We identified what appear to be ten Circles systems in Mexico. One system, Mercedes Ventura, appears to have been used by the Mexican Navy (SEMAR). All firewall IPs for the Mercedes Ventura system were in /24s with multiple other IP addresses that are pointed to by domain names and return valid TLS certificates for semar.gob.mx and other websites linked to the Mexican Navy. An unnamed system appears to have been used by the State of Durango, as one of its firewall IPs was also pointed to by dozens of subdomains of durango.gob.mx. Additional details about the Mexico Circles systems are in Appendix A.

Reporting has previously connected the Mexican government to the purchase of other SS7 surveillance equipment, such as ULIN made by Ability, as well as a system codenamed SkyLock sold by Verint Systems Inc.

Surveillance Abuses in Mexico

Mexico has an extensive history of surveillance abuses. Notably, our prior research has shown that entities within Mexico’s government serially abused NSO Group’s Pegasus spyware to target over 25 reporters, human rights defenders, and the families of individuals killed and disappeared by cartels. The pattern of abuses extends to other forms of digital surveillance.

Human rights organizations have documented that Mexico’s Navy has been responsible for civilian casualties in conflicts and human rights violations, including illegal detention, kidnapping, torture, and sexual torture. Mexico’s National Human Rights Commission recently confirmed this pattern in a recommendation.

Morocco

Our scanning identified what appeared to be a single Circles system in Morocco. The Morocco client’s IPs are in the same /27 as several websites of the Bureau central d’investigation judiciaire (BCIJ), and are in the same /26 as the website of the Moroccan Auxiliary Forces (FA). Both the FA and BCIJ are under the auspices of Morocco’s Ministry of Interior. A government agency in Morocco also appears to be a client of Circles’ affiliate NSO Group, though the identity of this Moroccan agency has not been established.

Client Name Possible Identity Seen in Scan Firewall IPs
Ministry of Interior 2018/3/14 – Present 105.145.40.27-28

Surveillance Abuses in Morocco

Morocco has been connected to multiple cases of surveillance abuse over the past decade, ranging from the targeting of human rights organizations with Hacking Team’s spyware to a string of more recent cases in which NSO Group’s Pegasus spyware was used to target civil society within Morocco and abroad.

Nigeria

Our scanning identified two Circles systems in Nigeria. One system may be operated by the same entity as one of the Nigerian customers of the FinFisher spyware that we detected in December 2014. The firewall IPs are in the same /27 as the IP address of the FinFisher C&C server we detected in our 2014 scans (41.242.50.50). The other client appears to be the Nigerian Defence Intelligence Agency (DIA), as its firewall IPs are in AS37258, a block of IP addresses registered to “HQ Defence Intelligence Agency Asokoro, Nigeria, Abuja.”

Client Name Possible Identity Seen in Scan Firewall IPs
Nigeria Defence Intelligence Agency (DIA) 2015/6/1 – 2017/4/25 196.1.133.7 – 9
Unknown FinFisher operator from December 2014. 2015/6/1 – Present 41.242.50.42 – 47

Surveillance Abuses in Nigeria

Members of civil society in Nigeria face a wide range of digital threats. A recent report by Front Line Defenders concluded that Nigeria’s government “has conducted mass surveillance of citizens’ telecommunications.” The Committee to Protect Journalists (CPJ) has also reported multiple cases of the Nigerian government abusing phone surveillance.

An investigation by Nigerian newspaper Premium Times found that Nigerian governors of Bayelsa and Delta states purchased systems from Circles to spy on their political opponents. In Delta State, Premium Times reports that the system was installed at the “governor’s lodge,” and operated by employees of the Governor, rather than police. In Bayelsa State, the governor reportedly used the Circles system to spy on his opponent in an election, as well as his opponent’s wife and aides. The investigation also found that the two Circles systems were imported without the proper authorizations from Nigeria’s Office of the National Security Adviser.

Thailand

Our scanning identified what appear to be three current clients in Thailand. The firewall IP addresses for Toyota Regency are in the same /29 as the online “War Room” of the Royal Thai Army’s Internal Security Operations Command (กองอำนวยการรักษาความมั่นคงภายใน), known as ISOC for short.

The firewall IP addresses for an unnamed system are in the same /29 as a wiki that displays the logo of the Military Intelligence Battalion (MIBn) (กองพันข่าวกรองทางทหาร), which appears to be a division of the Army Military Intelligence Command (หน่วยข่าวกรองทางทหาร), Thailand’s main military intelligence agency. The third system, Toyota Dragon, is identified by its Check Point firewalls as “Thailand NSB”, which we believe is a reference to the Narcotics Suppression Bureau.

Client Name Possible Identity Seen in Scan Firewall IPs
Royal Thai Army Military Intelligence Battalion (MIBn) 2019/3/19 – Present 110.164.191.212 – 214

122.154.71.180 – 182
Toyota Regency Royal Thai Army Internal security Operations Command (ISOC) 2016/7/12 – Present 110.164.72.2 – 4
Toyota Dragon Royal Thai Police Narcotics Suppression Bureau (NSB) 2015/9/12 – Present 203.149.46.164 – 166

Surveillance Abuses in Thailand

Thailand has a history of leveraging a wide range of surveillance technologies to monitor and harass civil society. Previous Citizen Lab research also identified a Pegasus spyware operator active within Thailand.

The ISOC has been accused of torturing and waterboarding activists, and suing activists who allege torture at the hands of the military. Recently, disturbing reports have emerged of abductions of Thai dissidents who live outside of Thailand. In one case, three Thai dissidents living in Laos who criticized Thailand’s military disappeared, and their bodies were later discovered by a Thai fisherman. Their bodies were “disemboweled and stuffed with concrete posts” and their limbs broken. While these abductions and killings have not been conclusively attributed to the Royal Thai Army, the disappearances are reported to have happened while the leader of Thailand’s former military junta Prayut Chan-o-cha (ประยุทธ์ จันทร์โอชา) was visiting Laos. Chan-o-cha is the current Prime Minister of Thailand, as well as the director of ISOC.

United Arab Emirates

Our scanning identified what appear to be three active clients in the UAE: the UAE Supreme Council on National Security (SCNS) (المجلس الأعلى للأمن الوطني), the Dubai Government, and a client that may be linked to both Sheikh Tahnoon bin Zayed al-Nahyan’s Royal Group and former Fatah strongman Mohammed Dahlan.

Client Name Possible Identity Seen in Scan Firewall IPs
Royal Group 2019/8/27 – Present 94.206.102.68 – 70
Aston Andromeda UAE Supreme Council of National Security 2016/4/4 – Present 213.42.167.106 – 108

91.72.225.2 – 4
Dutton Dolche Dubai Government 2016/12/5 – Present 151.253.54.210 – 212

91.75.44.84 – 86

Royal Group

We found an unnamed UAE Circles system whose Check Point firewalls were in the same /25 as websites for Royal Group companies including Mauqah Technology, which famously acquired and operated Hacking Team’s RCS spyware and, in 2012, used the system to target (among others) UAE activist Ahmed Mansoor. The command and control (C&C) server for that spyware briefly pointed to an IP address registered to Sheikh Tahnoon bin Zayed Al-Nahyan, the chairman of Royal Group and the UAE’s now National Security Advisor. Sheikh Tahnoon was also closely linked to ToTok, a popular chat app that was banned from the Apple and Google Play stores after the New York Times reported it was linked to UAE intelligence.

A leaked 2014 invoice indicates a deal between Circles and Al Thuraya Consultancy and Researches LLC, which appears to be linked to Royal Group. Records obtained by Lebanese newspaper Al Akhbar from the Abu Dhabi Chamber of Commerce and records on companies.rafeeg.ae show that Al Thuraya shares a PO Box number (“PO Box 5151, Abu Dhabi”) and fax number (““8111112””) with Royal Group. Additionally, Al Thuraya’s commercial license shows “Dhahi Mohammed Hamad Al-Thumairi” as one of the company’s two partners. Al-Thumairi trained in jiu-jitsu with Sheikh Tahnoon’s adopted son Faisal Alketbi, received jiu-jitsu encouragement from Sheikh Tahnoon himself, and named his first son “Tahnoon.” Another of Sheikh Tahnoon’s jiu-jitsu mentees showed up in the ToTok case as the sole director of Breej Holding, the company listed as the app’s iOS developer.

Figure 4: Links between reported Circles customer Al-Thuraya Consultancy, UAE National Security Advisor Sheikh Tahnoon bin Zayed Al-Nahyan, and Mohammed Dahlan.

Al Thuraya has been reported to be the consultancy of Mohammed Dahlan, the former head of the Palestinian Preventive Security (الأمن الوقائي), and a former member of Fatah’s Central Committee. Dahlan was ejected from Fatah in June 2011, and subsequently fled to the UAE. Indeed, the leaked 2014 invoice shows Al Thuraya’s address as “POB 128827, Abu Dhabi, United Arab Emirates,” which is listed in WHOIS records for Dahlan’s dahlan.ps website from September 2013, and was used by Dahlan in June 2017 when he unsuccessfully sued London-based online newspaper Middle East Eye for libel. Dahlan reportedly ran an assassination program for the UAE in Yemen that targeted and killed opposition politicians. Dahlan was also reportedly involved in the recent deal that normalized relations between the UAE and Israel.

UAE Supreme Council of National Security

In a leaked 2015 exchange, a UAE Supreme Council of National Security (SCNS) official, Ahmed Ali Al-Habsi, asked Circles to intercept calls for certain phone numbers, apparently as part of a product demonstration. We found a Circles system named Aston Andromeda whose firewall IPs were registered to the same SCNS official per public WHOIS data.

The leaked documents also detail a 2016 Circles sale to the UAE National Electronic Security Authority (NESA) (الهيئة الوطنية للأمن الإلكتروني) through DarkMatter. While NESA is a subsidiary of the SCNS per UAE law, we are not sure whether the SCNS demo and DarkMatter/NESA deals are related. After Reuters’ reporting on the NESA’s Project Raven hacking campaign, the NESA was split up into several agencies, including the Signals Intelligence Agency (جهاز استخبارات الإشارة).

Surveillance Abuses in the UAE

The UAE government is a documented serial abuser of surveillance technologies to suppress dissent and persecute critical voices. Some prominent activists, like Ahmed Mansoor, an Emirati prisoner of conscience who has been imprisoned by the UAE since 2017, have been surveilled using technology from Hacking Team, Gamma Group’s FinFisher, technology developed by Project Raven, and NSO Group’s Pegasus spyware.

The UAE’s use of former U.S. National Security Agency employees to target the devices of dissidents, journalists, and political opponents is also well documented, as is the apparent use of this targeting to unmask and jail bloggers and others critical of the government. In some cases, the targets included Americans.

Zambia

We identified what appears to be a single Circles system in Zambia, operated by an unknown agency.
Client Name Possible Identity Seen in Scan Firewall IPs
2018/1/30 – 2018/2/6 165.56.2.13

Surveillance Misuse in Zambia

In 2019, Zambia reportedly arrested a group of bloggers who ran an opposition news site with the aid of “a cyber-surveillance unit in the offices of Zambia’s telecommunications regulator,” which “pinpointed the bloggers’ locations” and was “in constant contact with police units deployed to arrest them.” While Circles’ solution allows governments to track phones, it is not clear if Zambia’s Circles system was used in this case.

Discussion

Circles is part of a large and growing global surveillance industry catering to government clients. Many of the government clients who appear to have acquired and/or deployed Circles technology have a dismal record of abuses of human rights and technical surveillance capabilities. Many lack public transparency and accountability, and have minimal or no independent oversight over the activities of their security agencies.

Circles: Another Industry Player Fueling the Proliferation of Unaccountable Surveillance

It is difficult to investigate and track surveillance companies like Circles that exploit flaws in the SS7 protocol. Many SS7 attacks require no engagement with targets themselves, and leave no visible artefacts on targets’ devices that may inadvertently reveal an operation. The lack of transparency from telecommunications providers about abuses also helps surveillance companies, and their customers, evade exposure, further increasing the likelihood of misuse.

The authoritarian profile of some of Circles’ apparent government clients is troubling, but not surprising. Over the past decade, the explosion of the global surveillance industry has fueled a massive transfer of spy technology to problematic regimes and security services. These customers have leveraged their newly-acquired capabilities to abuse human rights and neutralize political opposition, even beyond their borders. Circles is an especially concerning case because of their close relationship and reported integration with NSO Group, which has a notorious record of enabling surveillance abuses.

The Expanding, Unregulated Surveillance Industry

Research by the Citizen Lab and others, including Amnesty International and Privacy International, has demonstrated that the surveillance industry is poorly regulated and its products are prone to abuse. The “self-regulation” that companies claim to practice does not seem to have stemmed the growing tide of abuse cases. In a 2019 report on the surveillance industry, the U.N. Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression called for “an immediate moratorium on the global sale and transfer of private surveillance technology until rigorous human rights safeguards are put in place to regulate such practices and guarantee that governments and non-State actors use the tools in legitimate ways.”

As the surveillance industry continues to grow relatively unimpeded, spaces for legitimate democratic activity will continue to shrink. Governments’ ability to protect their citizens, as well as their own essential services and national security, will also continue to erode. Fixing this problem will require a direct focus on reforming the surveillance industry, including, among other steps:

• The enactment of more robust domestic, regional, and international legal frameworks—equipped with meaningful transparency, enforcement, and oversight mechanisms—to control the export and import of surveillance technology;
• Mandatory due diligence obligations on surveillance companies and enforcement mechanisms with tough penalties for breaches of such obligations; and,
• Legislative amendments to fix any legal and regulatory gaps such that parties harmed by surveillance technology can bring claims against companies for these harms.

In addition to these broader measures focused on the surveillance industry, we believe that the vulnerabilities inherent in the global telecommunications system require urgent action by governments and telecommunications providers. The global telecommunications sector provides significant opportunity for abuse by the surveillance industry and its customers in light of the continued failure of telecommunications operators and states to prevent such exploitation. In the discussion below, we set out clear actions that legislators and wireless operators must take to prevent continued exploitation and abuse.

Sounding the Alarm: A Clear and Present Threat to National Security

According to a recent study, the vast majority of telecommunications networks around the globe are vulnerable to the kind of techniques reportedly used by Circles. As has been widely reported, the industry has sought to downplay and conceal these risks. It is no surprise that reporting indicates that SS7 has been abused by countries like Saudi Arabia to target individuals around the world, including in the U.S.

A recent survey of E.U. wireless security by the European Union Agency for Cybersecurity (ENISA) concluded that a majority of operators had security measures that could “only cover basic attacks.” Troublingly, reporting of the scale of these threats remains difficult to achieve, as SS7 abuse is not within current reporting obligations for the European telecommunications sector.

In addition, it is known within the industry that some countries fail to meet basic obligations of due diligence and oversight with respect to their networks, enabling foreign entities access to SS7 and Diameter for the purposes of conducting global surveillance.

We believe that the historically limited public information about abuses has enabled the telecommunications industry to further minimize the problem. There is no public reporting from most telecommunications companies about the scale of the threats to users, the number of attacks identified and blocked, or a roadmap for addressing these threats in the future. This state of affairs will result in predictable, preventable harm to customers across the globe.

Risks in the U.S.

In April 2017, the U.S. Department of Homeland Security (DHS) conducted a major study that concluded: “all U.S. carriers are vulnerable to these exploits, resulting in risks to national security, the economy, and the Federal Government’s ability to reliably execute national essential functions.” According to the DHS report, “SS7 and Diameter vulnerabilities can be exploited by criminals, terrorists, and nation-state actors/foreign intelligence organizations” and “many organizations appear to be sharing or selling expertise and services” that could be used to conduct such espionage.

In response to a 2017 letter by Senator Ron Wyden requesting information about what steps U.S. carriers were taking to secure their networks, AT&T acknowledged that “hundreds of carriers now have access to SS7, many of them in unstable or unfriendly nations where credentials can be compromised…even sold on the open market for a fee.” The company went on to acknowledge that “the trust model is no longer fully reliable.”

In a 2018 letter to the Federal Communications Commission (FCC), Senator Wyden revealed that an unnamed U.S. carrier had suffered a SS7-related breach of customer information, which it reported to federal authorities. Subsequent investigative reporting revealed that the FCC had ignored expert recommendations by the DHS and instead espoused a voluntary compliance program at the urging of the wireless industry. Additionally, the reporting found that, although SMS messages are vulnerable to SS7 interception, the wireless industry successfully lobbied the National Institute of Standards and Technology (NIST) to keep SMS text messages as an approved method of two factor authentication in U.S. government standards.

The troubling inability of the U.S. government and telecommunications sector to address SS7 vulnerabilities is mirrored in many countries around the world.

Risks in Canada

In 2017, a joint investigation undertaken by CBC News and Radio Canada, in cooperation with German security researchers, demonstrated an SS7 attack against a sitting member of parliament, Matthew Dubé. With only a telephone number, the investigators were able to use SS7 vulnerabilities to track Dubé’s precise movements and intercept his calls. The tests were conducted over both the Rogers and Bell networks.

In its 2018 annual report, Canada’s Privacy Commissioner noted the investigation, flagged SS7 security weaknesses, and called on the Canadian government and industry to work together to resolve them. In response, Canada’s signals intelligence agency, the Communications Security Establishment (CSE), said that “the security issues surrounding SS7, have been known for some time” and that it had been working with industry partners to resolve them. However, CSE also asserted that it “is unable to discuss further details of meetings with industry partners, and we cannot disclose the participation of individual, private telecommunications partners.”

For guidance, the CSE suggested the public visit a “mobile security” information page, now available on the newly established Canada Centre for Cyber Security website in a section on “infographics.” However, the website and accompanying infographic do not mention SS7 explicitly and provide only basic advice on mobile security practices.

Legislators: Do This Now

Governments across the globe should take action to protect their citizens and their own operations. Telecommunications regulatory bodies should conduct regular audits of national networks and mandate carriers to identify, disclose, and address vulnerabilities.

The U.K. government has shown promising leadership in addressing carrier security, with recently proposed legislation that requires carriers to secure their networks and gives Ofcom (the U.K. telecommunications regulator) the authority to ensure compliance. The newly proposed powers granted to Ofcom include the ability to conduct audits and to compel the production of records and other information related to a carrier’s security efforts. The proposed law would also, for the first time, require carriers to disclose compromises to their customers and provide for fines in some cases.

The European Union has also taken note of telecommunication network vulnerabilities and made recent recommendations that encourage EU nations to conduct regular analyses of the threat landscape, adopt minimum security standards, and require incident reporting. We also note that Nordic regulators have undertaken efforts to establish best practices for protecting their infrastructure from SS7 attacks.

In contrast, the U.S. FCC has shown no will to compel carriers to report incidents or undertake serious security improvements. Given the rapid proliferation of SS7 and Diameter exploitation technologies both to states and non-state actors, it seems likely that without urgent action, U.S. consumers and government operations will be targeted by an increasingly wide range of potential threats.

Wireless Carriers: Do This Now

We urgently recommend that telecommunication companies examine SS7 and Diameter traffic originating from providers in countries where we have identified a Circles deployment for patterns of abuse. The SS7 and Diameter exploitation marketplace, as well as the wireless threat landscape, are constantly evolving. The recommendations provided by the DHS are highly relevant: every major wireless carrier should receive an independent SS7 and Diameter audit every 12-18 months, and should address any identified vulnerabilities. The ENISA also provides a range of security recommendations for carriers.

We are aware that some providers, such as a number of U.S. companies, are experimenting with SS7 firewalls, which show promise in reducing some types of attacks. We urge providers to publicly disclose their roadmaps for addressing SS7 and Diameter vulnerabilities, and believe that information about SS7 threats should be included in telco companies’ transparency reporting going forward.

Sounding the Alarm: Recommendations for High Risk Users

Whether you are a journalist, human rights defender, or government employee, telecommunication network vulnerabilities may make it possible for adversaries to intercept your verification SMSes and compromise your accounts. If you believe you face threats because of who you are or what you do from any of the countries mentioned in this report, or even a country not listed above, we urge you to migrate away from SMS-based two factor authentication immediately for all accounts where it is possible. Directions on how to use a security key for some of your accounts are here.

In addition, for accounts on popular apps such as Signal, WhatsApp and Telegram, we urge you to immediately enable a security PIN or password for your account.

• Directions for Signal
• Directions for WhatsApp
• Directions for Telegram

Acknowledgements

Thanks to Rapid7 and Censys for providing research access to their data feeds.

Bill Marczak’s work on this report was supported, in part, by the International Computer Science Institute and the Center for Long-Term Cyber Security at the University of California, Berkeley.

The authors would like to thank Jeffrey Knockel for peer review and Stephanie Tran for research assistance. Special thanks to several other reviewers who wish to remain anonymous as well as TNG.

Financial support for this research has been provided by the John D. and Catherine T. MacArthur Foundation, the Ford Foundation, the Hewlett Foundation, Open Societies Foundation, the Oak Foundation, and Sigrid Rausing Trust.
https://citizenlab.ca/2020/12/runnin...-firm-circles/

















Until next week,

- js.



















Current Week In Review





Recent WiRs -

November 28th, November 21st, November 14th, November 7th

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black
__________________
Thanks For Sharing
JackSpratts is offline   Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Peer-To-Peer News - The Week In Review - July 16th, '11 JackSpratts Peer to Peer 0 13-07-11 06:43 AM
Peer-To-Peer News - The Week In Review - July 9th, '11 JackSpratts Peer to Peer 0 06-07-11 05:36 AM
Peer-To-Peer News - The Week In Review - January 30th, '10 JackSpratts Peer to Peer 0 27-01-10 07:49 AM
Peer-To-Peer News - The Week In Review - January 16th, '10 JackSpratts Peer to Peer 0 13-01-10 09:02 AM
Peer-To-Peer News - The Week In Review - December 5th, '09 JackSpratts Peer to Peer 0 02-12-09 08:32 AM






All times are GMT -6. The time now is 04:27 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
© www.p2p-zone.com - Napsterites - 2000 - 2024 (Contact grm1@iinet.net.au for all admin enquiries)