Week in Review: September 23, 2015

by Muira McCammon

Apple: App Store Infected with XcodeGhost Malware in China

Apple has had to remove at least 300 applications infected with malware from its online App Store. Hackers are said to have created a counterfeit version of Apple's software for building iOS apps, which they persuaded developers to download. "We've removed the apps from the App Store that we know have been created with this counterfeit software," said Apple spokeswoman Christine Monaghan. It is believed that some apps infected with the malware are also being used by Apple consumers based in the United States. In an explanatory report, Palo Alto Networks reflected, " XcodeGhost is the first compiler malware in OS X. Its malicious code is located in a Mach-O object file that was repackaged into some versions of Xcode installers. These malicious installers were then uploaded to Baidu’s cloud file sharing service for used by Chinese iOS/OS X developers. Xcode is Apple’s official tool for developing iOS or OS X apps and it is clear that some Chinese developers have downloaded these Trojanized packages[...] This is the sixth malware that has made it through to the official App Store after LBTM, InstaStock, FindAndCall, Jekyll and FakeTor." 

China and United States: The Two Countries Consider a Cyber Warfare Agreement

The New York Times [EN] [CH] reports that the United States and China are negotiating what could become the first arms control accord concerning cyberspace. Some, however, continue to speculate that the two countries may only be able to agree upon a generic code of conduct, similar to the one recently proposed by a committee at the United Nations. In an interview with The Wall Street Journal, Chinese President Xi Jinping commented, “Cybertheft of commercial secrets and hacking attacks against government networks are both illegal; such acts are criminal offenses and should be punished according to law and relevant international conventions. We are ready to strengthen cooperation with the U.S. side on this issue.”

Edward Snowden Gives Update on Encryption, Aliens

In an interview with Neil deGrasse Tyson, Edward Snowden suggested that alien signals might simply be too well encrypted for humans to detect them. "When you look at encrypted communications, if they are properly encrypted, there is no real way to tell that they are encrypted. You can’t distinguish a properly encrypted communication, at least in the theoretical sense, from random noise," said Snowden. He added, "So if you have an alien civilization trying to listen for other civilizations, or our civilization trying to listen for aliens, there's only one small period in the development of their society where all of their communications will be sent via the most primitive and most unprotected means."

France: Data Privacy Regulators Take Additional Steps towards Sanctioning Google

On Monday, September 22, 2015, tension increased between Google and France's data protection authority; French privacy regulators insist that people with connections to Europe should be able to ask global search engines (such as Google) to remove links to items about them from all domains. Thus far, Google has unsuccessfully argued that the most recent privacy ruling should only apply to European domains - including Google.de in Germany or Google.nl in the Netherlands. The Commission Nationale de l’Informatique et des Libertés (CNIL) said, “Contrary to what Google has stated, this decision does not show any willingness on the part of the CNIL to apply French law extraterritorially. It simply requests full observance of European legislation by non European players offering their services in Europe.” At this juncture, Google cannot appeal the order under French law; it could ultimately face fines of up to 2% to 5% of its global operating costs. France is the first European Union member state to openly and actively develop a legal case against Google to punish it for not applying the right to be forgotten (or the French "le droit à l'oubli").

The Internet Monitor Week in Review is a weekly round-up of news about Internet content controls and online activity around the world.