The chief scientist of the Asia Pacific Network Information Center has a theory about why the world hasn't moved to IPv6. From a report: In a lengthy post to the center's blog, Geoff Huston recounts that the main reason for the development of IPv6 was a fear the world would run out of IP addresses, hampering the growth of the internet. But IPv6 represented evolution -- not revolution. "The bottom line was that IPv6 did not offer any new functionality that was not already present in IPv4. It did not introduce any significant changes to the operation of IP. It was just IP, with larger addresses," Huston wrote.

IPv6's designers assumed that the protocol would take off because demand for IPv4 was soaring. But in the years after IPv6 debuted, Huston observes, "There was no need to give the transition much thought." Internetworking wonks assumed applications, hosts, and networks would become dual stack and support IPv6 alongside IPv4, before phasing out the latter. But then mobile internet usage exploded, and network operators had to scale to meet unprecedented demand created by devices like the iPhone. "We could either concentrate our resources on meeting the incessant demands of scaling, or we could work on IPv6 deployment," Huston wrote.

Speaking of streaming services, an anonymous reader shares a story that looks into Apple's entertainment offering: Ever since its launch in 2019, Apple TV+ has been carving out an identity as the new home for prestige shows from some of Hollywood's biggest names -- the kind of shows that sound natural coming out of Jimmy Kimmel's mouth in monologue jokes at the Emmys. While the company never provides spending details, Apple is estimated to have spent at least $20 billion recruiting the likes of Reese Witherspoon, M. Night Shayamalan, and Harrison Ford to help cultivate its award-worthy sheen. For all the effort Apple has expended, and for all the cultural excitement around Ted Lasso during its three-season run, the streaming service has won nearly 500 Emmys ... while attracting just 0.2% of total TV viewing in the U.S.

No wonder the company reportedly began reining in its spending spree recently. (Apple did not reply to a request for comment.) "It seems like Apple TV wants to be seen as a platform that's numbers-agnostic," says Ashley Ray, comedian, TV writer, and host of the erstwhile podcast TV I Say. "They wanna be known for being about the creativity and the love of making TV shows, even if nobody's watching them."

The experience of enjoying a new Apple TV+ series can often be a lonely one. Adventurous subscribers might see an in-network ad about something like last summer's Sunny, the timely, genre-bending Rashida Jones series about murderous AI, and give it a shot -- only to find that nobody else is talking about it in their social media feeds or around the company Keurig machine. Sure, the same could be said for hundreds of other streaming series in the post-monoculture era, but most streaming companies aren't consistently landing as much marquee talent for such a limited library. (Apple currently has 259 TV shows and films compared to Netflix's nearly 16,000.)

How is it possible for a streaming service to have as much high-pedigree programming as Apple TV+ does and so relatively few viewers, despite an estimated 25 million paid subscribers? How can shows starring Natalie Portman, Idris Elba, and Colin Farrell launch and even get renewed without ever quite grazing the zeitgeist? How does a show set in the same Monsterverse as Godzilla vs. Kong, and starring Kurt Russell and his roguishly charming son, not become a monster-size hit?

For many perplexed observers, the blame falls squarely on Apple's marketing efforts, or seeming lack thereof.

An anonymous reader shares a report: Subscription fees for video streaming services have been on a steady incline. But despite subscribers paying more, surveys suggest they're becoming less satisfied with what's available to watch.

At the start of 2024, the industry began declaring the end of Peak TV, a term coined by FX Networks Chairman John Landgraf that refers to an era of rampant content spending that gave us shows like The Wire, Breaking Bad, and Game of Thrones. For streaming services, the Peak TV era meant trying to lure subscribers with original content that was often buoyed by critical acclaim and/or top-tier actors, writers, and/or directors. However, as streaming services struggle to reach or maintain profitability, 2024 saw a drop in the number of new scripted shows for the first time in at least 10 years, FX Research found.

Meanwhile, overall satisfaction with the quality of content available on streaming services seems to have declined for the past couple of years. Most surveys suggest a generally small decline in perceived quality, but that's still perturbing considering how frequently streaming services increase subscription fees. There was a time when a streaming subscription represented an exclusive ticket to viewing some of the best new TV shows and movies. But we've reached a point where the most streamed TV show last year was Suits -- an original from the USA Network cable channel that ended in 2019.

A civil liberties group has filed a lawsuit in Virginia arguing that the widespread use of Flock's automated license plate readers violates the Fourth Amendment's protections against warrantless searches. 404 Media reports: "The City of Norfolk, Virginia, has installed a network of cameras that make it functionally impossible for people to drive anywhere without having their movements tracked, photographed, and stored in an AI-assisted database that enables the warrantless surveillance of their every move. This civil rights lawsuit seeks to end this dragnet surveillance program," the lawsuit notes (PDF). "In Norfolk, no one can escape the government's 172 unblinking eyes," it continues, referring to the 172 Flock cameras currently operational in Norfolk. The Fourth Amendment protects against unreasonable searches and seizures and has been ruled in many cases to protect against warrantless government surveillance, and the lawsuit specifically says Norfolk's installation violates that. [...]

The lawsuit in Norfolk is being filed by the Institute for Justice, a civil liberties organization that has filed a series of privacy and government overreach lawsuits over the last few years. Two Virginia residents, Lee Schmidt and Crystal Arrington, are listed as plaintiffs in the case. Schmidt is a Navy veteran who alleges in the lawsuit that the cops can easily infer where he is going based on Flock data. "Just outside his neighborhood, there are four Flock Cameras. Lee drives by these cameras (and others he sees around town) nearly every day, and the Norfolk Police Department [NPD] can use the information they record to build a picture of his daily habits and routines," the lawsuit reads. "If the Flock Cameras record Lee going straight through the intersection outside his neighborhood, for example, the NPD can infer that he is going to his daughter's school. If the cameras capture him turning right, the NPD can infer that he is going to the shooting range. If the cameras capture him turning left, the NPD can infer that he is going to the grocery store. The Flock Cameras capture the start of nearly every trip Lee makes in his car, so he effectively cannot leave his neighborhood without the NPD knowing about it." Arrington is a healthcare worker who makes home visits to clients in Norfolk. The lawsuit alleges that it would be trivial for the government to identify her clients. "Fourth Amendment case law overwhelmingly shows that license plate readers do not constitute a warrantless search because they take photos of cars in public and cannot continuously track the movements of any individual," a Flock spokesperson said. "Appellate and federal district courts in at least fourteen states have upheld the use of evidence from license plate readers as Constitutional without requiring a warrant, as well as the 9th and 11th circuits. Since the Bell case, four judges in Virginia have ruled the opposite way -- that ALPR evidence is admissible in court without a warrant."

An anonymous reader writes: T-Mobile and AT&T say US regulators should drop a plan to require unlocking of phones within 60 days of activation, claiming that locking phones to a carrier's network makes it possible to provide cheaper handsets to consumers. "If the Commission mandates a uniform unlocking policy, it is consumers -- not providers -- who stand to lose the most," T-Mobile alleged in an October 17 filing with the Federal Communications Commission. The proposed rule has support from consumer advocacy groups who say it will give users more choice and lower their costs.

T-Mobile has been criticized for locking phones for up to a year, which makes it impossible to use a phone on a rival's network. T-Mobile claims that with a 60-day unlocking rule, "consumers risk losing access to the benefits of free or heavily subsidized handsets because the proposal would force providers to reduce the line-up of their most compelling handset offers." If the proposed rule is enacted, "T-Mobile estimates that its prepaid customers, for example, would see subsidies reduced by 40 percent to 70 percent for both its lower and higher-end devices, such as the Moto G, Samsung A15, and iPhone 12," the carrier said. "A handset unlocking mandate would also leave providers little choice but to limit their handset offers to lower cost and often lesser performing handsets." In July, the FCC approved a Notice of Proposed Rulemaking (NPRM) for the unlocking policy in a 5-0 vote.

The FCC is proposing "to require all mobile wireless service providers to unlock handsets 60 days after a consumer's handset is activated with the provider, unless within the 60-day period the service provider determines the handset was purchased through fraud."

An anonymous reader quotes a report from Space News: SpaceX has been awarded contracts for eight launches under the National Security Space Launch (NSSL) Phase 3 Lane 1 program, the U.S. Space Force's Space Systems Command announced Oct. 18. The contracts worth $733.5 million span seven missions for the Space Development Agency (SDA) and one for the National Reconnaissance Office (NRO) projected to launch in 2026. These are part of the NSSL Phase 3 procurement of launch services for U.S. defense and intelligence agencies.

The NSSL Phase 3 Lane 1 program is structured as an Indefinite Delivery, Indefinite Quantity (IDIQ) contract, a flexible procurement method often used in government contracting. The total value of the Lane 1 contract is estimated at $5.6 billion over five years, with Blue Origin, SpaceX, and United Launch Alliance (ULA) selected as the primary vendors to compete for individual task orders. The Space Development Agency is utilizing SpaceX's Falcon 9 rocket to launch small satellites into a low-Earth orbit (LEO) constellation, a network of satellites designed to enhance military communications and intelligence capabilities. SpaceX has already completed two successful launches for the Tranche 0 portion of SDA's constellation.

"The Phase 3 Lane 1 construct allows us to execute launch services more quickly for risk-tolerant payloads, putting more capabilities in orbit faster to support national security," said Brig. Gen. Kristin Panzenhagen, program executive officer for Assured Access to Space at the Space Force. Blue Origin's New Glenn rocket has yet to perform its first launch and will need to complete at least two successful flights to qualify for NSSL certification, while ULA's Vulcan Centaur, which has completed two flights, is still awaiting final certification for the program.

Microsoft has notified customers that it's missing more than two weeks of security logs for some of its cloud products, leaving network defenders without critical data for detecting possible intrusions. From a report: According to a notification sent to affected customers, Microsoft said that "a bug in one of Microsoft's internal monitoring agents resulted in a malfunction in some of the agents when uploading log data to our internal logging platform" between September 2 and September 19.

The notification said that the logging outage was not caused by a security incident, and "only affected the collection of log events." Business Insider first reported the loss of log data earlier in October. Details of the notification have not been widely reported. As noted by security researcher Kevin Beaumont, the notifications that Microsoft sent to affected companies are likely accessible only to a handful of users with tenant admin rights. Logging helps to keep track of events within a product, such as information about users signing in and failed attempts, which can help network defenders identify suspected intrusions. Missing logs could make it more difficult to identify unauthorized access to the customers' networks during that two-week window.

The Cybersecurity Association of China (CSAC) has recommended a security review of Intel's products sold in China, accusing the U.S. chipmaker of harming national security and citing vulnerabilities in its chips. Reuters reports: While CSAC is an industry group rather than a government body, it has close ties to the Chinese state and the raft of accusations against Intel, published in a long post on its official WeChat account, could trigger a security review from China's powerful cyberspace regulator, the Cyberspace Administration of China (CAC). "It is recommended that a network security review is initiated on the products Intel sells in China, so as to effectively safeguard China's national security and the legitimate rights and interests of Chinese consumers," CSAC said. [...]

CSAC in its post accuses Intel chips, including Xeon processors used for artificial intelligence tasks, of carrying several vulnerabilities, concluding that Intel "has major defects when it comes to product quality, security management, indicating that it is extremely irresponsible attitude towards customers." The industry group goes on to state that operating systems embedded in all Intel processors are vulnerable to backdoors created by the U.S. National Security Agency (NSA). "This poses a great security threat to the critical information infrastructures of countries all over the world, including China...the use of Intel products poses a serious risk to national security." CSAC said.

Vietnam will convert all its networks to IPv6, under a sweeping digital infrastructure strategy announced last week. From a report: The plan emerged in Decision No. 1132/QD-TTg -- signed into existence by permanent deputy prime minister Nguyen Hoa Binh -- and defines goals for 2025 and 2030. By 2025, the nation intends to connect two new submarine cables -- an important local issue.

Earlier this year, internet speeds slowed when three of the five cables connecting the country broke. Also by 2025, the country wants "universal" fiber-to-the-home, 5G services in all cities and industrial zones, and work to have commenced on an unspecified number of datacenters capable of running AI applications and operating with power usage effectiveness index (PUE) of less than 1.4. [...] Vietnam's population exceeds 100 million and it already has 140 mobile subscriptions per 100 inhabitants. IPv4 with network address translation can scale to those levels -- if Vietnamese carriers have secured sufficient number resources.

The first 5G Internet of Things (IoT) devices are launching soon. According to Fierce Wireless, T-Mobile plans to launch its first RedCap devices by the end of the year, while AT&T's devices are expected sometime in 2025. From the report: All of this should pave the way for higher performance 5G gadgets to make an impact in the world of IoT. RedCap, which stands for reduced capabilities, was introduced as part of the 3GPP's Release 17 5G standard, which was completed -- or frozen in 3GPP terms -- in mid-2022. The specification, which is also called NR-Light, is the first 5G-specific spec for IoT.

RedCap promises to offer data transfer speeds of between 30 Mbps to 80 Mbps. The RedCap spec greatly reduces the bandwidth needed for 5G, allowing the signal to run in a 20 MHz channel rather than the 100 MHz channel required for full scale 5G communications.

UPDATE: Forbes writes that China hasn't broken military encryption. While factoring a 50-bit integer is an impressive technical achievement, it's important to note that RSA encryption commonly uses key sizes of 2048 bits or higher. The difficulty of factoring increases exponentially with the size of the number, meaning that the gap between 50-bit and 2048-bit integers is astronomically large...

The advances do not equate to a scalable method for breaking RSA encryption as it is used in practical applications today."
Long-time Slashdot schwit1 originally wrote: Chinese scientists have mounted what they say is the world's first effective attack on a widely used encryption method using a quantum computer. The breakthrough poses a "real and substantial threat" to the long-standing password-protection mechanism employed across critical sectors, including banking and the military, according to the researchers.

Despite the slow progress in general-purpose quantum computing, which currently poses no threat to modern cryptography, scientists have been exploring various attack approaches on specialised quantum computers. In the latest work led by Wang Chao, of Shanghai University, the team said it used a quantum computer produced by Canada's D-Wave Systems to successfully breach cryptographic algorithms.

Using the D-Wave Advantage, they successfully attacked the Present, Gift-64 and Rectangle algorithms -- all representative of the SPN (Substitution-Permutation Network) structure, which forms part of the foundation for advanced encryption standard (AES) widely used in the military and finance. AES-256, for instance, is considered the best encryption available and often referred to as military-grade encryption. While the exact passcode is not immediately available yet, it is closer than ever before, according to the study. "This is the first time that a real quantum computer has posed a real and substantial threat to multiple full-scale SPN structured algorithms in use today," they said in the peer-reviewed paper.

To avoid overloading local electric grids, Britain's most productive windfarm "is paid to turn off," reports the Guardian — and across the industry these so-called "constraint payments" amount to billions every year.

"Government officials are hoping to correct the clear inefficiencies in the market by overhauling the market itself." Greg Jackson, the founder of Octopus Energy, told the Guardian: "It's grotesque that energy costs are rising again this winter, whilst we literally pay windfarms these extortionate prices not to generate. Locational pricing would instead mean that local people got cheap power when it's windy. Scotland would have the cheapest power in Europe, instead of among the most expensive, and every region would be cheaper than today. Companies would invest in infrastructure where we need it — not where they get the highest subsidies."

The changes could catalyse an economic osmosis of high energy users — such as datacentres and factories — into areas of the country with low energy prices, creating new job opportunities beyond the south-east. It could also spur the development of new energy projects — particularly rooftop solar — across buildings in urban areas where energy demand is high. This rebalancing of the energy market could save the UK nearly £49bn in accumulated network costs by 2040, according to a study commissioned by the energy regulator from FTI Consulting.

But others fear the changes could come at a deeper cost to Britain's climate goals — and bill payers too. The clean energy companies preparing to spend billions on building new wind and solar farms are concerned that a redrawing of the market boundaries could radically change the economics of new renewable energy projects — which would ultimately raise the costs, which would be passed on to consumers, or see the projects scrapped altogether... With stiff competition in the international markets for investment in clean energy, Renewable UK [the industry's trade group] fears that companies and their investors will simply choose to build new clean energy projects elsewhere.
"The debate has driven deep rifts across the industry," the article concludes, "between modernisers who believe the new price signals would give rise to a new, rational market and those who fear the changes risk unravelling Britain's low-carbon agenda...

"The government is expected to make a decision on how to proceed in the coming months, but the fierce debate between warring factions of the energy industry is likely to continue for far longer."

Thanks to long-time Slashdot reader AmiMoJo for sharing the news.

Formed in 2021 by cybersecurity professionals (and backed by high-powered VCs including Dell Technologies Capital), Halcyon sells an enterprise-grade anti-ransomware platform.

And this month they announced they're offering protection against ransomware attacks targeting Linux systems, according to Linux magazine: According to Cynet, Linux ransomware attacks increased by 75 percent in 2023 and are expected to continue to climb as more bad actors target Linux deployments... "While Windows is the favorite for desktops, Linux dominates the market for supercomputers and servers."
Here's how Halcyon's announcement made their pitch: "When it comes to ransomware protection, organizations typically prioritize securing Windows environments because that's where the ransomware operators were focusing most of their attacks. However, Linux-based systems are at the core of most any organization's infrastructure, and protecting these systems is often an afterthought," said Jon Miller, CEO & Co-founder, Halcyon. "The fact that Linux systems usually are always on and available means they provide the perfect beachhead for establishing persistence and moving laterally in a targeted network, and they can be leveraged for data theft where the exfiltration is easily masked by normal network traffic. As more ransomware operators are developing the capability to target Linux systems alongside Windows, it is imperative that organizations have the ability to keep pace with the expanded threat."

Halcyon Linux, powered through the Halcyon Anti-Ransomware Platform, uniquely secures Linux-based systems offering comprehensive protection and rapid response capabilities... Halcyon Linux monitors and detects ransomware-specific behaviors such as unauthorized access, lateral movement, or modification of critical files in real-time, providing instant alerts with critical context... When ransomware is suspected or detected, the Halcyon Ransomware Response Engine allows for rapid response and action.... Halcyon Data Exfiltration Protection (DXP) identifies and blocks unauthorized data transfers to protect sensitive information, safeguarding the sensitive data stored in Linux-based systems and endpoints...

Halcyon Linux runs with minimal resource impact, ensuring critical environments such as database servers or virtualized workloads, maintain the same performance.
And in addition, Halcyon offers "an around the clock Threat Response team, reviewing and responding to alerts," so your own corporate security teams "can attend to other pressing priorities..."

Bluesky, the decentralized social network cofounded by Jack Dorsey, created a Threads account to court users frustrated by Meta's moderation issues. Thurrott reports: This week, the Bluesky team also used Threads to share some tips on how to get started on Bluesky, how to get more engagement, and more. The company also emphasized its decentralized structure and more extensive customization options, with the app recently introducing a new theme font, adjustable font sizing, and the ability to pin posts on top of profiles.

Bluesky also couldn't resist to engage in some strange trolling this week. "We're not like the other girls ... we're not owned by a billionaire," the team wrote on Threads yesterday. Of course, this the post that got the most engagement on the Bluesky Threads account with close to 500 comments as of this writing.

Casio confirmed it suffered a ransomware attack earlier this month, resulting in the theft of personal and confidential data from employees, job candidates, business partners, and some customers. Although customer payment data was not compromised, Casio warns the impact may broaden as the investigation continues. BleepingComputer reports: The attack was disclosed Monday when Casio warned that it was facing system disruption and service outages due to unauthorized access to its networks during the weekend. Yesterday, the Underground ransomware group claimed responsibility for the attack, leaking various documents allegedly stolen from the Japanese tech giant's systems. Today, after the data was leaked, Casio published a new statement that admits that sensitive data was stolen during the attack on its network.

As to the current results of its ongoing investigation, Casio says the following information has been confirmed as likely compromised:

- Personal data of both permanent and temporary/contract employees of Casio and its affiliated companies.
- Personal details related to business partners of Casio and certain affiliates.
- Personal information of individuals who have interviewed for employment with Casio in the past.
- Personal information related to customers using services provided by Casio and its affiliated companies.
- Details related to contracts with current and past business partners.
- Financial data regarding invoices and sales transactions.
- Documents that include legal, financial, human resources planning, audit, sales, and technical information from within Casio and its affiliates.

U.S. officials are racing to understand the full scope of a China-linked hack of major U.S. broadband providers, as concerns mount from members of Congress that the breach could amount to a devastating counterintelligence failure. From a report: Federal authorities and cybersecurity investigators are probing the breaches of Verizon Communications, AT&T and Lumen Technologies. A stealthy hacking group known as Salt Typhoon tied to Chinese intelligence is believed to be responsible. The compromises may have allowed hackers to access information from systems the federal government uses for court-authorized network wiretapping requests, The Wall Street Journal reported last week.

Among the concerns are that the hackers may have essentially been able to spy on the U.S. government's efforts to surveil Chinese threats, including the FBI's investigations. The House Select Committee on China sent letters Thursday asking the three companies to describe when they became aware of the breaches and what measures they are taking to protect their wiretap systems from attack. Spokespeople for AT&T, Lumen and Verizon declined to comment on the attack. A spokesman at the Chinese Embassy in Washington has denied that Beijing is responsible for the alleged breaches.

Combined with other Chinese cyber threats, news of the Salt Typhoon assault makes clear that "we face a cyber-adversary the likes of which we have never confronted before," Rep. John Moolenaar, the Republican chairman of the House Select Committee Committee on China, and Raja Krishnamoorthi, the panel's top Democrat, said in the letters. "The implications of any breach of this nature would be difficult to overstate," they said. Hackers still had access to some parts of U.S. broadband networks within the last week, and more companies were being notified that their networks had been breached, people familiar with the matter said. Investigators remain in the dark about precisely what the hackers were seeking to do, according to people familiar with the response.

An anonymous reader quotes a report from Ars Technica: On Wednesday, NYC-based software developer Nick Spreen received a surprising alert on his iPhone 15 Pro, delivered through an early test version of Apple's upcoming Apple Intelligence text message summary feature. "No longer in a relationship; wants belongings from the apartment," the AI-penned message reads, summing up the content of several separate breakup texts from his girlfriend -- that arrived on his birthday, no less. Spreen shared a screenshot of the AI-generated message in a now-viral tweet on the X social network, writing, "for anyone who's wondered what an apple intelligence summary of a breakup text looks like." Spreen told Ars Technica that the screenshot does not show his ex-girlfriend's full real name, just a nickname.

This summary feature of Apple Intelligence, announced by the iPhone maker in June, isn't expected to fully ship until an iOS 18.1 update in the fall. However, it has been available in a public beta test of iOS 18 since July, which is what Spreen is running on his iPhone. It works akin to something like a stripped-down ChatGPT, reading your incoming text messages and delivering its own simplified version of their content. On X, Spreen replied to skepticism over whether the message was real in a follow-up post. "Yes this was real / yes it happened yesterday / yes it was my birthday," Spreen wrote. In response to a question about it being a fair summary of his girlfriend's messages, he wrote, "it is."

We reached out to Spreen directly via email and he delivered his own summary of his girlfriend's messages. "It was something along the lines of i can't believe you just did that, we're done, i want my stuff. we had an argument in a bar and I got up and left, then she sent the text," he wrote. How did he feel about getting the news via AI summary? "I do feel like it added a level of distance to it that wasn't a bad thing," he told Ars Technica. "Maybe a bit like a personal assistant who stays professional and has your back even in the most awful situations, but yeah, more than anything it felt unreal and dystopian."

An anonymous reader quotes a report from Ars Technica: The Federal Communications Commission gave Starlink and T-Mobile emergency authority to provide satellite-to-phone coverage in areas hit by Hurricane Helene. "SpaceX and T-Mobile have been given emergency special temporary authority by the FCC to enable Starlink satellites with direct-to-cell capability to provide coverage for cell phones in the affected areas of Hurricane Helene," SpaceX said yesterday. "The satellites have already been enabled and started broadcasting emergency alerts to cell phones on all networks in North Carolina. In addition, we may test basic texting (SMS) capabilities for most cell phones on the T-Mobile network in North Carolina."

SpaceX warned of limits since the service isn't ready for a commercial rollout. "SpaceX's direct-to-cell constellation has not been fully deployed, so all services will be delivered on a best-effort basis," the company said. Starlink is being used to provide wireless emergency alerts to cell phones from all carriers in North Carolina, according to Ben Longmier, senior director of satellite engineering for SpaceX. "We are also closely monitoring Hurricane Milton and standing by ready to take action in Florida," he wrote.

The FCC said (PDF) the approval "enabl[es] SpaceX to operate Supplemental Coverage from Space (SCS) in the 1910-1915 MHz and 1990-1995 MHz frequency bands leased from T-Mobile in areas affected by the Hurricane Helene." An FCC spokesperson told Ars that the approval is for all areas affected by Hurricane Helene, although it's only active in North Carolina so far. The FCC also said (PDF) that it is granting "special temporary authorities to licensees and issuing rule waivers to help communications providers maintain and restore service, support emergency operations, and assist public safety, including search and rescue efforts." Separately, the FCC last week waived (PDF) certain Lifeline program eligibility rules to help people in disaster areas (PDF) apply for discounted phone and broadband service.

The Washington Post interviewed Lebanese officials, people close to Hezbollah, and Israeli, Arab and U.S. security officials and politicians about a years-long plan (originated at Mossad headquarters) that ultimately killed or maimed "as many as 3,000 Hezbollah officers and members — most of them rear-echelon figures... along with an unknown number of civilians... when Israel's Mossad intelligence service triggered the devices remotely on September 17." In the initial sales pitch to Hezbollah two years ago, the new line of Apollo pagers seemed precisely suited to the needs of a militia group with a sprawling network of fighters and a hard-earned reputation for paranoia... Best of all, there was no risk that the pagers could ever be tracked by Israel's intelligence services. Hezbollah's leaders were so impressed they bought 5,000 of them and began handing them out to mid-level fighters and support personnel in February. None of the users suspected they were wearing an ingeniously crafted Israeli bomb...

Israeli officials had watched with increasing anxiety as the Lebanese group added new weapons to an arsenal already capable of striking Israeli cities with tens of thousands of precision-guided missiles. Mossad, the Israeli intelligence service responsible for combating foreign threats to the Jewish state, had worked for years to penetrate the group with electronic monitoring and human informants. Over time, Hezbollah leaders learned to worry about the group's vulnerability to Israeli surveillance and hacking, fearing that even ordinary cellphones could be turned into Israeli-controlled eavesdropping and tracking devices. Thus was born the idea of creating a kind of communications Trojan horse, the officials said. Hezbollah was looking for hack-proof electronic networks for relaying messages, and Mossad came up with a pair of ruses that would lead the militia group to purchase devices that seemed perfect for the job — equipment that Mossad designed and had assembled in Israel.

The first part of the plan, booby-trapped walkie-talkies, began being inserted into Lebanon by Mossad nearly a decade ago, in 2015. The mobile two-way radios contained oversized battery packs, a hidden explosive and a transmission system that gave Israel complete access to Hezbollah communications. For nine years, the Israelis contented themselves with eavesdropping on Hezbollah, the officials said, while reserving the option to turn the walkie-talkies into bombs in a future crisis. But then came a new opportunity and a glitzy new product: a small pager equipped with a powerful explosive. In an irony that would not become clear for many months, Hezbollah would end up indirectly paying the Israelis for the tiny bombs that would kill or wound many of its operatives.

Because Hezbollah leaders were alert to possible sabotage, the pagers could not originate in Israel, the United States or any other Israeli ally. So, in 2023, the group began receiving solicitations for the bulk purchase of Taiwanese-branded Apollo pagers, a well-recognized trademark and product line with a worldwide distribution and no discernible links to Israeli or Jewish interests. The Taiwanese company had no knowledge of the plan, officials said... The marketing official had no knowledge of the operation and was unaware that the pagers were physically assembled in Israel under Mossad oversight, officials said... In a feat of engineering, the bomb component was so carefully hidden as to be virtually undetectable, even if the device was taken apart, the officials said. Israeli officials believe that Hezbollah did disassemble some of the pagers and may have even X-rayed them.
"Thousands of Apollo-branded pagers rang or vibrated at once, all across Lebanon and Syria," according to the article, with a short sentence in Arabic that said "You received an encrypted message." The two-button de-encryption procedure "ensured most users would be holding the pager with both hands when it detonated," according to the article, although "Less than a minute later, thousands of other pagers exploded by remote command, regardless of whether the user ever touched his device. The following day, on September 18, hundreds of walkie-talkies blew up in the same way, killing and maiming users and bystanders..."

"As Hezbollah reeled, Israel struck again, pounding the group's headquarters, arsenals and logistic centers with 2,000-pound bombs," the article concludes. And the strike "convinced the country's political leaders that Hezbollah could be put on the ropes, susceptible to a systematic dismantling using airstrikes and, eventually a ground invasion..."

"A cyberattack tied to the Chinese government penetrated the networks of a swath of U.S. broadband providers," reports the Wall Street Journal, "potentially accessing information from systems the federal government uses for court-authorized network wiretapping requests.

"For months or longer, the hackers might have held access to network infrastructure used to cooperate with lawful U.S. requests for communications data, according to people familiar with the matter, which amounts to a major national security risk." The attackers also had access to other tranches of more generic internet traffic, they said. Verizon Communications, AT&T and Lumen Technologies are among the companies whose networks were breached by the recently discovered intrusion, the people said.

The widespread compromise is considered a potentially catastrophic security breach and was carried out by a sophisticated Chinese hacking group dubbed Salt Typhoon. It appeared to be geared toward intelligence collection, the people said... The surveillance systems believed to be at issue are used to cooperate with requests for domestic information related to criminal and national security investigations. Under federal law, telecommunications and broadband companies must allow authorities to intercept electronic information pursuant to a court order. It couldn't be determined if systems that support foreign intelligence surveillance were also vulnerable in the breach...

The hackers appear to have engaged in a vast collection of internet traffic from internet service providers that count businesses large and small, and millions of Americans, as their customers. Additionally, there are indications that the hacking campaign targeted a small number of service providers outside the U.S., the people said. A person familiar with the attack said the U.S. government considered the intrusions to be historically significant and worrisome... "It will take time to unravel how bad this is, but in the meantime it's the most significant in a long string of wake-up calls that show how the PRC has stepped up their cyber game," said Brandon Wales, former executive director at the Cybersecurity and Infrastructure Security Agency and now a vice president at SentinelOne, referring to the People's Republic of China. "If companies and governments weren't taking this seriously before, they absolutely need to now."
Three weeks ago TechCrunch also reported that the FBI "took control of a botnet made up of hundreds of thousands of internet-connected devices, such as cameras, video recorders, storage devices, and routers, which was run by a Chinese government hacking group, FBI director Christopher Wray and U.S. government agencies revealed Wednesday.