Archives for April 2018

Reuters Top 100: Europe's Most Innovative Universities – 2018

For the third year running, KU Leuven tops Reuters' ranking of Europe’s most innovative universities, a list that identifies and ranks the educational institutions doing the most to advance science, invent new technologies and power new markets and industries. A Dutch-speaking school based in Belgium’s Flanders region, KU Leuven was founded in 1425 by Pope Martin V and continually produces a high volume of influential inventions. Patents filed by KU scientists are frequently cited by other researchers in academia and in private industry. That’s one of the key criteria in Reuters’ ranking, which was compiled in partnership with Clarivate Analytics, and is based on proprietary data and analysis of patent filings and research paper citations.

Overall, the most elite ranks of Europe’s Most Innovative Universities have held steady from last year, with the UK’s Imperial College London (#2) and University of Cambridge (#3) holding onto their top spots for the third straight year. Other leading institutions simply traded a few spaces, like the Federal Polytechnic School of Lausanne (#4, up one), University of Erlangen Nuremberg (#5, up one), and the Technical University of Munich (#6, down two). The remainder of the universities in the top 10 moved up from the teens: The University of Manchester (#7, up nine), University of Munich (#8, up four), Technical University of Denmark (#9, up five), and ETH Zurich (#10, up one).

But even though the usual suspects continue to dominate Europe’s Most Innovative Universities, political uncertainty may be causing a big swing in where innovation happens. The trend is most clear if you consider the sum of changes in rank for each country’s institutions: The 23 German universities on this year’s list cumulatively rose 23 spots, more than any other country. Switzerland was second, with five universities up a total of 8 spots. And in contrast, the list’s 21 UK-based universities dropped a cumulative 35 spots.

Why is this shift occurring? The United Kingdom’s “Brexit” from the European Union is almost a year away, but Europe’s scientific community may already be leaving the UK in favor of research institutions on the continent. A February 2018 study published by the UK-based Centre for Global Higher Education reports that many German academics view Brexit as an “advantage,” and hope to use it to attract UK researchers to German universities; in turn, UK academics report that their own postdocs aren’t seeking positions in the UK and are looking at the EU or United States instead. And as Brexit actually unfolds, it could get worse: A November 2017 study performed by the School of International Futures for the UK’s Royal Society describes a possible post-secession United Kingdom where universities compete for a shrinking pool of skilled workers, projects that used to receive EU funding wither, researchers receive fewer invites to join consortia and attend conferences, and overseas collaboration is limited. Similarly, EU-based businesses that fund research at universities may prefer to keep their investments within the region in order to avoid the tax and regulatory headaches of working with post-Brexit UK institutions.

The government of Germany has also established itself as notably pro-science, increasing federal research budgets and encouraging growth in emerging industries such as renewable energy. (German Chancellor Angela Merkel actually holds a doctorate in quantum chemistry, and worked as a research scientist before she entered politics.) According to a 2017 analysis published in the science journal “Nature,” researchers are “flocking to the country,” in part due to the country’s €4.6-billion “Excellence Initiative,” which has helped to attract at least 4,000 foreign scientists to Germany since 2005. And in 2016, the German Research Foundation (Deutsche Forschungsgemeinschaft, or DFG), the country’s main funding agency, allocated a record €2.9 billion in grants, posting a success rate for individual grant proposals higher than comparable UK rates.

This year’s university ranking also shows how smaller countries can have an outsized presence in the world of innovation. Belgium has seven schools on the list, but with a population of only 11 million people, it can boast more top 100 innovative universities per capita than any other country in Europe. On the same per capita basis, the second most innovative country on the list is Switzerland, followed by Denmark, the Netherlands, and the Republic of Ireland. And some large countries underperform despite bigger populations and economies. Russia is Europe’s most populous country and boasts the region’s fifth largest economy, yet none of its universities count among the top 100.

To compile the ranking of Europe’s most innovative universities, Clarivate Analytics (formerly the Intellectual Property & Science business of Thomson Reuters) began by identifying more than 600 global organizations that published the most articles in academic journals, including educational institutions, nonprofit charities, and government-funded institutions. That list was reduced to institutions that filed at least 50 patents with the World Intellectual Property Organization in the period between 2011 and 2016. Then they evaluated each candidate on 10 different metrics, focusing on academic papers (which indicate basic research) and patent filings (which point to an institution’s ability to apply research and commercialize its discoveries). Finally, they trimmed the list so that it only included European universities, and then ranked them based on their performance.

Of course, the relative ranking of any university does not provide a complete picture of whether its researchers are doing important, innovative work. Since the ranking measures innovation on an institutional level, it may overlook particularly innovative departments or programs: a university might rank low for overall innovation but still operate one of the world’s most innovative oncology research centers, for instance. And it’s important to remember that whether a university ranks at the top or the bottom of the list, it’s still within the top 100 on the continent: All of these universities produce original research, create useful technology and stimulate the global economy.

(Editing by Arlyn Gajilan and Alessandra Rafferty)

SK Hynix echoes TSMC with warning of slower mobile chip growth

SEOUL (Reuters) – SK Hynix Inc became Asia’s second major semiconductor maker this earnings season to warn of slower growth in smartphone chip sales, but said this would be offset somewhat by robust demand for server and other high-end chips.

Increasing signs of a maturing global smartphone market have fueled expectations that last year’s boom in chip demand is moderating and so will earnings growth.

The South Korean chipmaker met market expectations with a 77 percent jump in first-quarter operating profit to 4.4 trillion won ($4 billion). That was just short of last quarter’s best-ever result, ending a run of four consecutive quarters of record profit.

Its shares were down 3 percent in afternoon trade while those of large rival Samsung Electronics Co Ltd lost 2.4 percent.

“SK Hynix’ first-quarter shipments fell much steeper than previous company guidance, which seems to have fanned concerns about slowing mobile demand,” said Song Myung-sup, analyst at HI Investment & Securities.

Worldwide smartphone shipment volumes shrank for the first time late last year, according to search provider Strategy Analytics, with high-end brands coming under increasing competition from the likes of low-cost Chinese vendor Xiaomi.

Taiwan Semiconductor Manufacturing Co Ltd also warned last week of softer smartphone demand, cutting its revenue target and sending shares of key client Apple as well as other chip firms lower.

But SK Hynix, the world’s No. 2 memory chip maker, was quick to stress it also had areas of strong growth up its sleeve.

“Although overall growth in smartphone sales will stagnate, China’s big four smartphone firms are leading the accelerated adoption of high-capacity chips,” SK Hynix head of DRAM marketing Sean Kim told an earnings briefing.

“As for servers, North American internet data center firms as well as Chinese firms led by Baidu, Alibaba and Tencent are increasing investment,” he added.

Prices for DRAM chips, which help devices perform multiple tasks, have risen as servers, gaming PCs and cryptocurrency mining devices demand more firepower to process large amounts of streaming data.

SK Hynix said growth for server DRAM chips was expected to outpace the overall DRAM market for the next two to three years, adding that compared to other chipmakers, server DRAM accounts for a bigger portion of its revenue.

Addressing concerns that DRAM prices could start to flatten out or even drop, the company said the industry needed to ramp up production capacity of complex DRAM memory chips as currently supply was constrained by the technological difficulty of producing them.

Although prices for NAND chips, which provide long-term data storage, have fallen, SK Hynix said it did not expect supply to outstrip demand this year.

($1 = 1,066.3300 won)

Reporting by Joyce Lee; Additional reporting by Ju-min Park; Editing by Stephen Coates and Edwina Gibbs

SAP, gaining market share, raises outlook

FRANKFURT/LONDON (Reuters) – Germany’s SAP (SAPG.DE) announced upbeat results in the seasonally tough first quarter, saying it was gaining ground on its main competitors Salesforce (CRM.N) and Oracle (ORCL.N) in the cloud and that its margin recovery was firmly on track.

SAP, Europe’s largest tech company by stock market valuation, also raised its sales and profits guidance for 2018 to take into account the $2.4 billion acquisition of U.S. sales software firm Callidus that was announced in January.

“We’re gaining share fast and we’re outpacing our toughest competitors pretty handily,” Chief Executive Bill McDermott told reporters on a conference call, calling the results strong at the top and bottom line.

SAP now expects total non-IFRS revenues at constant currencies this year of 24.8-25.3 billion euros ($30.28-$30.89 billion), representing growth of 5.5-7.5 percent, up from an earlier expectation of 5-7 percent growth.

Non-IFRS operating profits rose 14 percent in constant currency to 1.235 billion euros, compared to the average forecast of 1.19 billion euros in a Reuters poll of 15 analysts.

Cloud subscription and support revenues, SAP’s growth driver, grew by 18 percent to exceed 1 billion euros for the first time. At constant currencies they rose 31 percent, to which McDermott said: “Wow.”

Cloud growth accelerated outside the United States and grew faster than any of SAP’s major rivals, including Oracle, Salesforce and Workday (WDAY.O), he added.

SAP has faced currency headwinds due to the strong euro, and both the company and analysts focus on key metrics after adjustment for currency effects to get an underlying picture of performance.

Had SAP reported in U.S. dollars, like its competitors, the growth numbers would have turned out even better, said Chief Financial Officer Luca Mucic. Cloud subscriptions, for example, would have shown year-over-year growth in the first quarter of 37 percent in U.S. dollar terms, he said.

“We grew faster than every ‘best-of-breed’ cloud (competitor) out there,” McDermott said. “Faster than Workday, a lot faster than Salesforce, and a lot faster than Oracle.”

Mucic said that an expansion of 1.1 percentage points in operating margins in the first quarter boded well for SAP after a strong showing in the same quarter a year ago.

($1 = 0.8191 euros)

Reporting by Douglas Busvine and Eric Auchard; Editing by Tom Sims

Is Amazon Slipping? Uncovering a Dirty Secret About Their Seller Policy (by Accident)

Every month, I have a ‘what I need to re-stock on from Amazon’ day. This month, it was time to replace my water filter, so off to Amazon I went. I searched for ‘water filter’, scanned through the first page of results (because who goes to the second page … seriously) and found what appeared to be a winner. 

Amazon Best Seller: Check

Amazon Prime: Check 

Price Point: Surprisingly low (but how?)

Usually, the lower the price, the happier I am. However, ever since I wrote about price gouging and what seemed to be suspicious Amazon activity, I’ve been particularly interested in exploring anything that raised an eyebrow, even if the price was favorable to a consumer. So, I loaded up on the coffee and got to work.

It might sound like a conspiracy theory worthy of Chinatown, but don’t break out your tinfoil hats just yet. Look at the Waterdrop water filter. It’s a hot product from an Amazon Top 500 seller, a company called EcoLife Technologies LLC. But, it’s totally going against Amazon’s rules.

The Epic Policy Contradiction

Last year, Amazon added strict requirements for water filters sold on its platform. The e-tailer said it would suppress any item listings that didn’t fulfill its standards. Any suppressed item Fulfilled by Amazon (FBA) was liable to be destroyed or returned at the seller’s expense. 

Each product “must be certified to at least the NSF/ANSI-42 standard (including Material Safety, Structural Integrity, and System Performance).” The key point here is “System Performance.”

Here’s where things get interesting. If you look at the NSF’s website, you’ll find that EcoLife’s products don’t adhere to Amazon’s System Performance standards. As quoted on the NSF’s site:

“Conforms to the material and structural integrity requirements only.”

Does this mean that Amazon is selling us water filters that are underperforming? Not necessarily, no, but I do know that Amazon apparently let this company slip through their filter (pun intended).

Oh, but the fun doesn’t end there. I did a little more research and found some surprising facts. First, EcoLife Technologies LLC is registered in both California and Colorado (the official website says they are in California).

Okay, not a big deal — but I also found out that EcoLife gets their water filters imported from China through a company called Qingdao Ecopure Filter Co., which produces EcoAqua filters. Further, there’s a UK company called Waterdrop Filters whose website is registered to someone at VYAIR, another manufacturer which sells EcoAqua filters on Amazon.

Hmmm…curious

What’s going on here? Well, it’s a possibility that EcoLife isn’t from the US and is just using the system for their own gain. The NSF site shows that EcoLife has a Nevada area code, a Colorado address, but that the facility is in China. It’s also likely that EcoLife is both the manufacturer and seller as there’s not enough markup to indicate reselling.

Don’t get me wrong. I love Amazon and all its great deals. But I think criticism should be given when it’s due and such curious behavior shouldn’t go unnoticed. It’s not the first time, either. Last year, I chastised Amazon for blaming its algorithm when it allowed sellers to hike up water prices during Hurricane Irma.

Others have criticized the platform for wooing Chinese vendors which produced counterfeit goods. A t-shirt designer named Matthew Snow found that 15-20 sellers in Hong Kong and China were duplicating his products. To fight this, Snow was required to “test buy” all 1,500 counterfeited items and send them, along with his legitimate items, to Amazon for testing – something which would’ve cost him $40,000.

What I’m trying to say is this:

A company as big as Amazon needs to enforce their protocol better. They need to make sure all sellers are playing fair and adhering to the same standards. They can no longer turn a blind eye to such offenses. Both consumers and sellers should be aware of the policy and what is being done to actionably reinforce collective best & fair practice.  

I’ve reached out for an official comment from Amazon and will keep this post updated with their response accordingly.

An American Airlines Passenger Was Stuck Next to a 'Screaming and Kicking' Toddler. His Stunning Reaction Went Viral

Imagine your happy place. Now, imagine that in order to get to your happy place, you first have to sit next to a screaming toddler in economy on American Airlines for a few hours.

We’ve seen this kind of thing happen a lot lately–with bad results and viral videos. There’s the New York state employee who reportedly yelled at a baby on a Delta flight and lost her job (at least temporarily) as a result. There’s the flight attendant who simply kicked a passenger and a fussy toddler off a plane.

And there’s the guy whose response was to record a video of a screaming child on a flight, post it to YouTube, and bask in the social media notoriety.

But perhaps there’s another way to respond. And a passenger on American Airlines who made that choice recently went viral himself as a result.

Meet Todd Walker, a father of two who just celebrated 30 years with his employer, and who flies as often as four times a month from Kansas City to North Carolina for work.

He’d boarded an American Airlines flight recently on that route, getting seat 33A toward the back of the plane, only to find that the passengers sitting next to him were a mom named Jessica Rudeen, and her two kids: four-month-old Alexander on her lap, and three-year-old Caroline.  

After some chaos in the boarding area, Rudeen hadn’t had a chance to feed the four-month-old–and he started reacting the way hungry four-year-olds are known to do. Then, her three-year-old daughter changed her mind about the whole idea of flying.

That meant Walker was about to get what we might call the “whole toddler experience.” I’ll let Rudeen herself describe the maelstrom, as she did in a post:

My 3 year old, who was excited before boarding the plane, lost her nerve and began screaming and kicking, ‘I want to get off the plane! I don’t want to go!’ I honestly thought we’d get kicked off the plane. So with two kids losing their minds, I was desperately trying to calm the situation. 

Walker responded in a way that seemed completely unremarkable to him, he told me in a phone conversation this weekend. He just decided to help. As Rudeen explained further, Walker…

reached for the baby and held him while I forced a seatbelt on Caroline, got her tablet and started her movie. Once she was settled and relatively calmed, he distracted her so that I could feed Alexander. Finally, while we were taxiing, the back of the plane no longer had screams. During the flight, he colored and watched a movie with Caroline, he engaged in conversation and showed her all the things outside.

By the end of the flight, he was Caroline’s best friend. I’m not sure if he caught the kiss she landed on his shoulder while they were looking out the window.

Walker also was on the same connecting flight in Charlotte that Rudeen planned to take. He walked her daughter through the terminal to the new gate, and then asked to have his seat reassigned so he could sit next to the family and help out on the second flight, too.

I talked with both Walker and Rudeen this weekend, after Rudeen’s Instagram/Facebook post–which she originally put up because she hadn’t gotten Walker’s last name or contact information, and wanted to connect with him again–got so much traction. As of this writing it has more than 5,000 shares, and it’s been featured in media around the world.

The Walker and Rudeen families say they think their meeting was a result of divine intervention, and that they plan to meet again next month.

“I wasn’t expecting it to get to places like Brazil or Ireland or Australia or the U.K.,” Rudeen told me. “I’m just a stay-at-home mom in northwest Arkansas. But, I’m glad that it highlights the importance of what it means to be kind.”

Walker said he hadn’t thought his conduct had been a big deal, either, but he welcomed the attention if it inspires other people to offer help, or to notice kindness around them.

“When I walked away in Wilmington, I never thought I’d hear from or see them again,” he said, reiterating that it hadn’t seemed like a big deal to him to respond to the family with kindness.

He also praised Rudeen for being willing to admit she could use the assistance, even in a world where people often have good reason to be wary of strangers. “Part of the reason this worked is that Jessica was willing to accept the help. That’s not always the case today, and I get it.” 

Cyber Saturday—How Facebook and GDPR Propelled an Underdog to Victory at RSA Conference

Happy Saturday, dear readers.

Earlier this year I noted that Europe’s General Data Protection Regulation, or GDPR, would be a big topic of conversation at this year’s RSA Conference, the biggest hobnobbing affair in the cybersecurity industry. I could not have foreseen how scandal after data privacy scandal at Facebook would intensify the discussion.

At this year’s ever entertaining “innovation sandbox contest,” a startup competition and hallmark of the conference, a little-known, New York City-based concern called BigID capitalized on the zeitgeist. The company, which had just eight employees as recently as December (mostly engineers in Israel), pitched itself differently than the typical cybersecurity marketing spiel. There was nary a mention of “detection,” “defense,” or “artificial intelligence.”

“I’m with BigID and our big idea is that privacy matters,” said Dimitri Sirota, CEO and cofounder of the firm, taking the stage. He explained that his company’s technology indexes businesses’ private data, maps out the inter-relationships between databases, and helps identify what companies need to do to comply with data regulations in different parts of the world.

“Ours was understandable,” Sirota told me later on a call. “You didn’t have to have a PhD in computer science to get what we did. It was accessible to the audience and judges.”

Sirota’s clarity of thinking was apparent to me years ago, back when he was heading up the security business at CA Technologies. In 2014, he livened up a panel I moderated at an enterprise security summit. A couple years later, Sirota strolled into Fortune’s offices clad in a black leather jacket and told me his plan to build a business around data privacy and compliance. Looks like he had the right idea at exactly the right time.

“Big data is almost like this atomic collider—smash all this data together to get value from it,” as Sirota put it on our recent call. “No one has been thinking of stewardship or custody or management of that information.”

Now everyone is thinking about it. With British officials raiding the offices of embattled political consultancy Cambridge Analytica, Mark Zuckerberg bending the knee before Congress, and GDPR set to go into effect next month, no story holds greater sway in techland. It’s no surprise BigID took home the crown.

Dream big and have a great weekend.

Robert Hackett

@rhhackett

Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. Fortune reporter Robert Hackett here. You may reach Robert Hackett via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.

How to Build Custom Alexa Skills for the Amazon Echo

When Amazon first introduced developer tools that let people build stuff for Alexa, the company made a conscious decision to call these functions “skills” rather than apps. It was a subtle way of making Alexa seem capable, and also, suggesting to developers that building these skills would be a low lift. With just a “few lines of code,” Amazon promised, “you can build entirely new experiences designed around voice.”

Amazon says most Echo users in the US have tried these third-party skills at least once, but getting them to work can be tricky. Alexa’s voice skills often require super specific queries, and until Amazon started paying attention to the discovery process, taking the time to find new skills felt like a non-essential burden.

Now, Amazon has decided to make Alexa’s skills all about you: your dad jokes, your homework, your birthday. Yesterday the company rolled out a tool called Blueprints, which helps anyone—even non-coders—build custom skills for their Echos.

The announcement felt like a curious little leap in the world of virtual assistance. (Can you imagine Apple letting people program Siri to say whatever they want?) It also seemed like a gimmick, but a good one—one that could encourage more people to embrace skills.

The website for Blueprints lists 21 different skills, categorized by topics like “fun and games,” “home,” and “storytelling.” Annoyingly, the banner in the Alexa mobile app for Blueprints leads you to the mobile web, and at some point you’ll have to log into your Amazon account again. You also have to agree to Amazon’s terms for developers before you can make a new skill. Congrats! You’re a dev.

The Blueprints are not quite as customizable as you might think. Think of them more like Mad Libs for pre-existing Alexa narratives. Using the “family jokes” template, you can type in a joke like, “You know who would like a pet owl?” and then add the punchline, “Who?” You can also start a joke with “When I wake up” and teach Alexa to complete it with “Well you know I’m gonna be, I’m gonna be the man who wakes up next to you.” I’m not saying I did those things, because that would be incredibly corny. But you could.

You can also leave a custom voice message for people, like an incoming houseguest or a pet sitter. But they’ll have to know the exact prompt to use in order to get that message. So you might end up texting your guest anyway, or leaving them a written note, and while you’re at it you might as well just mention that you’ve switched the cat’s food again or that the towels are in the third closet down the hall and at that point, why create a custom Blueprint for Alexa?

Still, I could see couples or families using this feature to leave private voice messages for each other. You can also program Alexa to pay you a personalized compliment.

There are a few restrictions: Alexa won’t swear. Try to program a custom response with profanity and the Blueprint will ask you to remove the offending word. (I tried twice.) The Blueprints also leave a lot of room for interpretation. You could, for example, create a question like “Who is the president?” and have Alexa respond that it’s Barack Obama. If you go back to asking Alexa a more generic question, one you haven’t personally programmed, like “Who is the leader of the US?”, Alexa will then correctly say Donald Trump.

And even after you’ve built these skills, you have to ask the questions verbatim. I built a Q&A asking whether the cat is hungry. (The answer is always yes.) By the time I processed that and other skills, I forgot the exact question I had written, and had to go back into my Blueprints to find the right terminology. Those verbal gymnastics can make it difficult to use the skills you’ve created.

But these personalized responses are by far the closest brush I’ve had with non-Amazon skills since I’ve been using Echo devices. Amazon says engagement with Alexa skills grew more than 50 percent from January 2017 to January 2018, and that there are more than 40,000 skills currently available. I have no reason to doubt this; this just hasn’t been the case for me.

I often use Alexa to access timers, music, and news; I’ve also used it to buy household goods, and at one point, to trigger my coffee maker. But I’ve never used Alexa to order a pizza, or to call an Uber—the third-party skills that are supposed to nudge voice into the future. Voice computing just hasn’t made sense when I’ve wanted to see the thing I’m ordering, or track the car as it’s pulling up to my house. But at the same time, I could see how adding custom-made, hyper-personal responses could drive even more of this kind of engagement with Alexa, especially since other smart home speakers don’t really do this.

My Blueprints test was brief, and yet it was one of the most fun experiences I’ve had so far with a virtual personal assistant at home. That’s probably because it enabled the “personal” part of that whole equation. The home bots may someday be our overlords, but at least we can program them to say ridiculous things in the meantime.

DNC Lawsuit Against Russia Reveals New Details About 2016 Hack

The Democratic National Committee Friday filed a lawsuit against a broad slate of people and entities allegedly responsible for the 2016 hack of its email, phone calls, and more. But while the suit claims involvement from a host of headliners—Wikileaks, Julian Assange, Donald Trump, Jr., and Russia among them—its immediate importance lies in the previously unreported timeline it lays out.

While a rough outline of the DNC hack that rocked the 2016 election had previously been established, the 66-page lawsuit, first reported by The Washington Post, gives exact dates for the first time. It also asserts coordination among a web of characters affiliated with the Trump campaign, Russia’s GRU intelligence service, and WikiLeaks.

“No one is above the law,” the suit begins. “In the run-up to the 2016 election, Russia mounted a brazen attack on American Democracy.”

The details of when and how that attack occurred, though, are more clear than ever—and may indicate that Russia’s plan to interfere in the US election predated its DNC intrusion.

According to the DNC lawsuit, Russian intelligence group Cozy Bear—the GRU-affiliated hacker group, also known as APT29—infiltrated the DNC network as far back as July 27, 2015, nearly a year before the leaks of the pilfered material began. The suit says that a second Russian group—Fancy Bear, the outfit that has recently tormented the International Olympic Committee as well—hacked the DNC’s systems on April 18, 2016. The DNC wouldn’t notice the presence of either until April 28, 2016, at which point it called in security firm CrowdStrike to help analyze and mitigate the damage.

The remedy was costly. The suit details the necessary fixes; the DNC had to “decommission more than 140 servers, remove and reinstall all software, including the operating systems, for more than 180 computers, and rebuild at least 11 servers.” Between repairing and replacing equipment and hiring experts to manage the fallout, the bill came out to over a million dollars.

By then, of course, the worst damage had already been done. The DNC had been devastatingly compromised. The Russians had gained access not only to email systems but also to backup servers, VOIP calls, and chats. They were prepared to make off with “several gigabytes of data,” the suit says, a little over a week before the DNC even knew they were there.

The timeline from there has been a matter of public record. On June 14, the DNC first disclosed the hack. The following day, a persona going by Guccifer 2.0—only recently confirmed to be a Russian intelligence agent—claimed responsibility, leaking a 237-page opposition research report on Donald Trump in the process.

The leaks continued steadily from there, as the suit details. Guccifer 2.0 struck again on June 27, June 30, and July 6. On July 22, WikiLeaks took the wheel, releasing nearly 20,000 internal DNC emails. The following day, according to the suit, multiple DNC employees received an email that said: “I hope your children get raped and murdered. I hope your family knows nothing but suffering, torture, and death.”

The rest of the suit rehashes the connections that have played out in the press over the last several months, alleging Roger Stone, Paul Manafort, George Papadopoulos, and a host of Russians as ingredients in a collusive soup. But for close observers of Russia’s hacking efforts against the US in 2015 and beyond, it’s the timeline that provides the most valuable information.

That’s in part because of how it aligns with two incidents not mentioned in the suit. Many of the early leaks appeared on a site called DCLeaks, which went live in June 2016 but was registered on April 19, which the suit confirms was a day after Fancy Bear broke into the DNC. But the same group that registered DCLeaks had attempted but failed to register ElectionLeaks.com on April 12, nearly a week before the Fancy Bear hack.

The timeline strongly implies that Russia’s aim was to disrupt the election from the start, rather than a reconnaissance mission that rapidly escalated.

“They had already carried out the Podesta intrusion in March, and carried out a pretty large scale attempt to target the campaigns,” says John Hultquist, director of threat intelligence at security firm FireEye, referring to the emails of Hillary Clinton campaign chairman John Podesta, which were ultimately leaked a month before the 2016 election. That, combined with registering ElectionLeaks before the Fancy Bear break-in, “suggests they had this plan prior to even compromising the organization.”

It’s unclear how likely the DNC lawsuit is to succeed, especially in its efforts to hold Russia accountable in a US court. But its revelations shed light on one of the most impactful hacks of recent memory—and maybe the intentions of the country behind it.


3 Reasons Why Subscription Businesses Like Blue Apron and Trendy Butler Will Beat out Retail

The earliest subscription services such as newspapers and milk cartons have existed for decades without much attention. However, in the past five years, we have seen an explosion of innovative startups using the subscription business model to dominate their niche, beating out incumbents in the traditional retail sector.

This disruption is happening across a wide variety of industries, with over 2,000 business entities that operate under the subscription model in the United States alone. Meal kit subscription service Blue Apron went public earlier this year at a company valuation of nearly $2 billion. Birchbox, the New York-based startup that sells monthly boxes of beauty samples, is now valued at over $500 million. And Dollar Shave Club, the eccentric shaving brand, was acquired for over $1 billion, just to name a few success stories.

Success achieved by early players in the industry has inspired a fresh wave of entrepreneurs to apply the subscription box model to new areas. Many of these hot startups are proving you can leverage big data and machine learning models to create extremely lucrative steady sources of recurring revenue.

One example of this is Trendy Butler, which offers a $65/month subscription box that comes with a combination of designer clothing (t-shirts, jackets, pants, etc.). The company, like many of today’s subscription services, uses an algorithm that collects your personal tastes and preferences (like sizes, styles, colors, etc.) to craft the perfect mix of outfits. It’s like Spotify, but for your clothing.

In analyzing the success of startups like Trendy Butler, I dug into why the subscription service model is likely to beat out conventional brick and mortar retail long term. Here are 3 reasons why:

1. Personalization at scale.

The assumption that entrepreneurs must operate under is that their customers are inherently trying to maximize their personal value while doing as little work as possible. In the case of shopping for clothing, we all want to look good, but many of us do not have the desire, the time, or frankly the talent to pick out the best outfits.

That’s what led Trendy Butler’s founders to realize that technology can completely rethink the way a shopping “experience” is delivered. Rather than randomly recommending products, the company uses predictive machine learning algorithms that take in a large data set (100+ points) of personalized information. As you expand the scope of the inputs to the algorithm, it gets smarter.

As recommendations are able to improve and become more personalized, the traditional brick and mortar way of doing business will simply not be able to keep up.

2. Predictable revenue sources.

Subscription business models also bring a sense of predictability that the retail industry has been lacking for decades. Since many stores cannot accurately forecast demand, there is often lots of waste, saturated product and overhead costs. These inefficiencies can often mean the difference between success and failure for many retailers.

Subscription companies circumvent these costs by doing much of the work behind the scenes. Additionally, most, if not all, of their customers are paying monthly in exchange for a routine service/product. This is an extremely secure source of revenue that companies can develop over time.

3. Establishing relationships with customers.

There is something special about opening your door to a new package even just once or twice a month. I personally love it when I receive a shipment from BarkBox and get to see my puppy light up with joy. The surprise in every subscription box is a unique opportunity for a company to delight their customers and provide a unique and memorable experience.

These touch points, which are rare in most other industries, develop customer loyalty. Over time, subscription box businesses tend to develop relationships with their customers because of the recurring nature of the interactions.

Retail is far more transactional, as most of the instances are one-time exchanges. With subscriptions, there is a constant need to interface with customers and continue the relationship.

As more and more companies infiltrate different industries, the only true competitive advantage startups will have will be in their ability to establish a strong and loyal community of backers. Building defensible relationships with customers is a great method of doing just that.

'Trustjacking' Could Expose iPhones to Attack

Have you used a friend’s laptop to charge your iPhone and gotten a prompt that says, “Trust This Computer?” Say yes, and the computer will be able to access your phone settings and data while they’re connected. And while it doesn’t feel like your answer really matters—your phone will charge either way—researchers from Symantec warn that this seemingly minor decision has much higher stakes than you’d think.

In fact, the Symantec team has found that hacks exploiting that misplaced “Trust” comprise a whole class of iOS attacks they call “trustjacking.” Once a user authorizes a device, they open themselves to serious and persistent attacks while their phone is connected to the same Wi-Fi network as a hacker, or even remote attacks when the devices are separated.

Adi Sharabani, Symantec’s senior vice president of modern operating system security, and Roy Iarchy, the modern operating system research team leader, will make that case Wednesday, in a presentation at the RSA security conference in San Francisco.

“Once this trust is established, everything is possible,” Sharabani told WIRED last week. “It introduces a new vector of attack.”

Sharabani and Iarchy’s presentation focuses largely on a feature known as iTunes Wi-Fi Sync, the tool that lets iOS devices sync with desktop iTunes over Wi-Fi. For this process you physically connect a mobile device to a computer once, indicate that the iOS device can trust the computer going forward, and then enable iTunes Wi-Fi Sync from the PC. After that the two devices can sync and communicate whenever they are on the same Wi-Fi network without any further approval from the iPhone or iPad.

It’s a reasonable and useful feature when used as intended. But an attacker could also plant a malicious computer—perhaps one shaped like a charging station or external battery—and trick people into connecting their devices and granting trust out of confusion or disinterest.

Once a trusted Wi-Fi Sync connection is established, attackers can not only do basic syncing, but also take advantage of controls meant for developers to manipulate the victim iOS device. A hacker could work quickly to install malware on the phone, or initiate a backup to gather data like a victim’s photos, app information, and SMS/iMessage chats. Attackers with trust privileges could also start watching a target device’s screen in real-time by initiating screenshots on the phone and then syncing them to the attack computer. Or they could play a long game, silently retaining their trusted status until it is long forgotten, for a future attack.

“We discovered this by mistake actually,” Sharabani says. “Roy was doing research and he connected his own iPhone to his own computer to access it. But accidentally he realized that he was not actually connected to his own phone. He was connected to one of his team members’ phones who had connected their mobile device to Roy’s desktop a few weeks before. So Roy started to dig into what exactly he could do and find out if he were an attacker.”

You can imagine a number of scenarios where this could work as a targeted attack. Everyone has places they visit regularly: an office, a coffee shop, the local library. Attackers could anticipate that a victim iOS device would regularly connect to the same Wi-Fi network as the trusted attacker computer—enabling clandestine, malicious backups with iTunes Wi-Fi Sync. The researchers point out that an attacker wouldn’t necessarily be geographically limited; after gaining a foothold, they could combine trustjacking with a type of attack called “malicious profiles,” which takes advantage of how iOS manages configuration packages for apps to get around access restrictions and establish continuous remote access. Beginning in iOS 10, though, Apple started making it harder for hackers to carry out malicious profile attacks.

It’s tempting to put the onus on the iPhone owner here; you shouldn’t, after all, connect with sketchy computers and trust them in the first place. And Apple, which declined to comment for this story, seems to agree. When Sharabani and Iarchy disclosed their findings to the company, it did add a second prompt in iOS 11 to require a device’s passcode as part of authorizing a new computer as trusted. This makes it more difficult for anyone other than the device owner to establish trust.

But Sharabani and Iarchy argue that it’s unreasonable to put it entirely on the user to make the correct choice about trusting a device, especially since the authorization persists indefinitely once it’s established. There’s also currently no way to see a list of devices that have outstanding trusted status.

In these transactions, iOS’s wording is also unhelpful. The prompts say, “Trust this computer? Your settings and data will be accessible from this computer when connected,” which might seem to mean that nothing will be exposed when the devices are no longer physically connected. In fact, given that Wi-Fi sync can be enabled in desktop iTunes without any involvement of the mobile device, there’s much more potential for long-term connection than users may realize.

Consider, too, that an attacker who successfully infects a target’s PC with malware can exploit the trust a victim grants his own computer. A user will obviously trust their own computer, and their phone and PC will frequently be on the same Wi-Fi network. So an attacker who has infected a target’s computer can get a two-for-one of also having regular access to the victim’s iOS devices.

“Apple took the very quick act of adding the passcode,” Sharabani notes. “With that said, this is a design problem. They could better design the future behavior of the features, but it will take them time to implement. That’s why it’s so important to alert users and raise awareness. Users need to understand the implications.”

Sharabani and Iarchy say they haven’t seen trustjacking attacks in the wild so far, but that doesn’t mean they aren’t out there or coming. And though Apple doesn’t offer a list of the computers an iOS device trusts, it is possible to scrub the trusted computers list entirely. In iOS 11 users can go to Settings > General > Reset > Reset Location & Privacy to get a clean slate, after which people can start to be more cognizant of which computers they authorize. (Note that doing this reset also revokes all specially granted app permissions.) Another helpful defense for users is to encrypt iOS device backups with a strong password. With this turned on, an attacker abusing Wi-Fi Sync can still make their own backups of a victim device, but they will be encrypted with whatever password the target chose.

The researchers see iOS’s authorization prompts as a single point of failure, where the operating system could provide a few more prompts in exchange for more layers of defense against trustjacking. No one wants one seemingly insignificant mistake to blow up in their face weeks or months later. But while users wait for Apple to architect long-term solutions, their best defense is to become discerning and extremely selective about doling out trust.
