Amazon migrates more than 100 consumer services from Oracle to AWS databases

AWS and Oracle love to take shots at each other, but as much as Amazon has knocked Oracle over the years, it was forced to admit that it was in fact a customer. Today in a company blog post, the company announced it was shedding Oracle for AWS databases, and had effectively turned off its final Oracle database.

The move involved 75 petabytes of internal data stored in nearly 7,500 Oracle databases, according to the company. “I am happy to report that this database migration effort is now complete. Amazon’s Consumer business just turned off its final Oracle database (some third-party applications are tightly bound to Oracle and were not migrated),” AWS’s Jeff Barr wrote in the company blog post announcing the migration.

Over the last several years, the company has been working to move off of Oracle databases, but it’s not an easy task to move projects on Amazon scale. Barr wrote there were lots of reasons the company wanted to make the move. “Over the years we realized that we were spending too much time managing and scaling thousands of legacy Oracle databases. Instead of focusing on high-value differentiated work, our database administrators (DBAs) spent a lot of time simply keeping the lights on while transaction rates climbed and the overall amount of stored data mounted,” he wrote.

More than 100 consumer services have been moved to AWS databases, including customer-facing tools like Alexa, Amazon Prime and Twitch, among others. It also moved internal tools like AdTech, its fulfillment system, external payments and ordering. These are not minor matters. They are the heart and soul of Amazon’s operations.

Each team moved the Oracle database to an AWS database service like Amazon DynamoDB, Amazon Aurora, Amazon Relational Database Service (RDS) and Amazon Redshift. Each group was allowed to choose the service they wanted, based on its individual needs and requirements.

Oracle declined to comment on this story.

 

“BriansClub” Hack Rescues 26M Stolen Cards

BriansClub,” one of the largest underground stores for buying stolen credit card data, has itself been hacked. The data stolen from BriansClub encompasses more than 26 million credit and debit card records taken from hacked online and brick-and-mortar retailers over the past four years, including almost eight million records uploaded to the shop in 2019 alone.

An ad for BriansClub has been using my name and likeness for years to peddle millions of stolen credit cards.

Last month, KrebsOnSecurity was contacted by a source who shared a plain text file containing what was claimed to be the full database of cards for sale both currently and historically through BriansClub[.]at, a thriving fraud bazaar named after this author. Imitating my site, likeness and namesake, BriansClub even dubiously claims a copyright with a reference at the bottom of each page: “© 2019 Crabs on Security.”

Multiple people who reviewed the database shared by my source confirmed that the same credit card records also could be found in a more redacted form simply by searching the BriansClub Web site with a valid, properly-funded account.

All of the card data stolen from BriansClub was shared with multiple sources who work closely with financial institutions to identify and monitor or reissue cards that show up for sale in the cybercrime underground.

The leaked data shows that in 2015, BriansClub added just 1.7 million card records for sale. But business would pick up in each of the years that followed: In 2016, BriansClub uploaded 2.89 million stolen cards; 2017 saw some 4.9 million cards added; 2018 brought in 9.2 million more.

Between January and August 2019 (when this database snapshot was apparently taken), BriansClub added roughly 7.6 million cards.

Most of what’s on offer at BriansClub are “dumps,” strings of ones and zeros that — when encoded onto anything with a magnetic stripe the size of a credit card — can be used by thieves to purchase electronics, gift cards and other high-priced items at big box stores.

As shown in the table below (taken from this story), many federal hacking prosecutions involving stolen credit cards will for sentencing purposes value each stolen card record at $500, which is intended to represent the average loss per compromised cardholder.

The black market value, impact to consumers and banks, and liability associated with different types of card fraud.

STOLEN BACK FAIR AND SQUARE

An extensive analysis of the database indicates BriansClub holds approximately $414 million worth of stolen credit cards for sale, based on the pricing tiers listed on the site. That’s according to an analysis by Flashpoint, a security intelligence firm based in New York City.

Allison Nixon, the company’s director of security research, said the data suggests that between 2015 and August 2019, BriansClub sold roughly 9.1 million stolen credit cards, earning the site $126 million in sales (all sales are transacted in bitcoin).

If we take just the 9.1 million cards that were confirmed sold through BriansClub, we’re talking about more than $4 billion in likely losses at the $500 average loss per card figure from the Justice Department.

Also, it seems likely the total number of stolen credit cards for sale on BriansClub and related sites vastly exceeds the number of criminals who will buy such data. Shame on them for not investing more in marketing!

There’s no easy way to tell how many of the 26 million or so cards for sale at BriansClub are still valid, but the closest approximation of that — how many unsold cards have expiration dates in the future — indicates more than 14 million of them could still be valid.

The archive also reveals the proprietor(s) of BriansClub frequently uploaded new batches of stolen cards — some just a few thousand records, and others tens of thousands.

That’s because like many other carding sites, BriansClub mostly resells cards stolen by other cybercriminals — known as resellers or affiliates — who earn a percentage from each sale. It’s not yet clear how that revenue is shared in this case, but perhaps this information will be revealed in further analysis of the purloined database.

BRIANS CHAT

In a message titled “Your site is hacked,’ KrebsOnSecurity requested comment from BriansClub via the “Support Tickets” page on the carding shop’s site, informing its operators that all of their card data had been shared with the card-issuing banks.

I was surprised and delighted to receive a polite reply a few hours later from the site’s administrator (“admin”):

“No. I’m the real Brian Krebs here 🙂

Correct subject would be the data center was hacked.

Will get in touch with you on jabber. Should I mention that all information affected by the data-center breach has been since taken off sales, so no worries about the issuing banks.”

Flashpoint’s Nixon said a spot check comparison between the stolen card database and the card data advertised at BriansClub suggests the administrator is not being truthful in his claims of having removed the leaked stolen card data from his online shop.

The admin hasn’t yet responded to follow-up questions, such as why BriansClub chose to use my name and likeness to peddle millions of stolen credit cards.

Almost certainly, at least part of the appeal is that my surname means “crab” (or cancer), and crab is Russian hacker slang for “carder,” a person who engages in credit card fraud.

Many of the cards for sale on BriansClub are not visible to all customers. Those who wish to see the “best” cards in the shop need to maintain certain minimum balances, as shown in this screenshot.

HACKING BACK?

Nixon said breaches of criminal website databases often lead not just to prevented cybercrimes, but also to arrests and prosecutions.

“When people talk about ‘hacking back,’ they’re talking about stuff like this,” Nixon said. “As long as our government is hacking into all these foreign government resources, they should be hacking into these carding sites as well. There’s a lot of attention being paid to this data now and people are remediating and working on it.”

By way of example on hacking back, she pointed to the 2016 breach of vDOS — at the time the largest and most powerful service for knocking Web sites offline in large-scale cyberattacks.

Soon after vDOS’s database was stolen and leaked to this author, its two main proprietors were arrested. Also, the database added to evidence of criminal activity for several other individuals who were persons of interest in unrelated cybercrime investigations, Nixon said.

“When vDOS got breached, that basically reopened cases that were cold because [the leak of the vDOS database] supplied the final piece of evidence needed,” she said.

THE TARGET BREACH OF THE UNDERGROUND?

After many hours spent poring over this data, it became clear I needed some perspective on the scope and impact of this breach. As a major event in the cybercrime underground, was it somehow the reverse analog of the Target breach — which negatively impacted tens of millions of consumers and greatly enriched a large number of bad guys? Or was it more prosaic, like a Jimmy Johns-sized debacle?

For that insight, I spoke with Gemini Advisory, a New York-based company that works with financial institutions to monitor dozens of underground markets trafficking in stolen card data.

Andrei Barysevich, co-founder and CEO at Gemini, said the breach at BriansClub is certainly significant, given that Gemini currently tracks a total of 87 million credit and debit card records for sale across the cybercrime underground.

Gemini is monitoring most underground stores that peddle stolen card data — including such heavy hitters as Joker’s StashTrump’s Dumps, and BriansDump.

Contrary to popular belief, when these shops sell a stolen credit card record, that record is then removed from the inventory of items for sale. This allows companies like Gemini to determine roughly how many new cards are put up for sale and how many have sold.

Barysevich said the loss of so many valid cards may well impact how other carding stores compete and price their products.

“With over 78% of the illicit trade of stolen cards attributed to only a dozen of dark web markets, a breach of this magnitude will undoubtedly disturb the underground trade in the short term,” he said. “However, since the demand for stolen credit cards is on the rise, other vendors will undoubtedly attempt to capitalize on the disappearance of the top player.”

Liked this story and want to learn more about how carding shops operate? Check out Peek Inside a Professional Carding Shop.

SentinelOne Named a Global Leader in Cloud Computing

We are excited to announce that SentinelOne has been selected as a security category winner in the 2019 Stratus Awards for Cloud Computing. The cloud is now part of the fabric of our personal and professional lives, and we are thrilled to be recognized as a leader in the cloud security space. 

Security created in the cloud, deployed via the cloud and protecting the cloud is the way of the future, not only for cloud workloads but for all attack surfaces.  Our platform is cloud managed, but importantly, not cloud reliant.

In today’s world, digital identities are in many ways more vulnerable, sensitive and risky than physical identities. Malware and cybercrime threats challenge the way enterprises and municipalities conduct business, share information, create, produce, sell, market and support their products, customers, employees and investors. Today’s challenge is that everything is digital. Every device is connected. Therefore, just as physical items can be stolen, today’s precious assets are increasingly susceptible to cybercrime. 

Our solution leverages the power of the cloud to help enterprises remove the shackles and limitations of legacy antivirus solutions. We deliver autonomous endpoint protection through a single agent that successfully prevents, detects, responds, and hunts attacks across all major vectors. 

Our patented Behavioral AI provides real time prevention and ActiveEDR from edge to cloud – through a cloud-native platform with no reliance on connectivity or updates. Other technologies require humans to manually take action or large reactive databases to be uploaded to computers. 

Cloud computing has enabled the creation and scaling of our technology to millions of endpoints around the globe today. We’ve liberated more than 2,500 enterprises to date, and we’re just getting started! Do you want to be next? Talk to us today to learn how we can protect your cloud.

Interested in learning more? Schedule your free demo today

Request a demo


Follow us on LinkedIn, Twitter, YouTube or Facebook to see the content we post.

Read more about Cyber Security

Okta wants to make every user a security ally

End users tend to get a bad rap in the security business because they are often the weakest security link. They fall for phishing schemes, use weak passwords and often unknowingly are the conduit for malicious actors getting into your company’s systems. Okta wants to change that by giving end users information about suspicious activity involving their login, while letting them share information with the company’s security apparatus when it makes sense.

Okta actually developed a couple of new products under the umbrella SecurityInsights. The end user product is called UserInsights. The other new product, called HealthInsights, is designed for administrators and makes suggestions on how to improve the overall identity posture of a company.

UserInsights lets users know when there is suspicious activity associated with their accounts, such as a login from an unrecognized device. If it appears to involve a stolen password, he or she would click the Report button to report the incident to the company’s security apparatus where it would trigger an automated workflow to start an investigation. The person should also obviously change that compromised password.

HealthInsights operates in a similar fashion, except for administrators at the system level. It checks the configuration parameters and makes sure the administrator has set up Okta according to industry best practices. When there is a gap between the company’s settings and a best practice, the system alerts the administrator and allows them to fix the problem. This could involve implementing a stricter password policy, creating a block list for known rogue IP addresses or forcing users to use a second factor for certain sensitive operations.

HealthInsight Completed tasks

Health Insights Report. Image: Okta

Okta is first and foremost an identity company. Organizations, large and small, can tap into Okta to have a single sign-on interface where you can access all of your cloud applications in one place. “If you’re a CIO and you have a bunch of SaaS applications, you have a [bunch of] identity systems to deal with. With Okta, you narrow it down to one system,” CEO Todd McKinnon told TechCrunch.

That means, if your system does get spoofed, you can detect anomalous behavior much more easily because you’re dealing with one logon instead of many. The company developed these new products to take advantage of that, and provide these groups of employees with the information they need to help protect the company’s systems.

The SecurityInsights tools are available starting today.

Clari snags $60M Series D on valuation of around $500M

Clari uses AI to help companies find key information like the customers most likely to convert, the state of orders in the sales process or the next big sources of revenue. As its revenue management system continues to flourish, the company announced a $60 million Series D investment today.

Sapphire Ventures led the round with help from newcomer Madrona Venture Group and existing investors Sequoia Capital, Bain Capital Ventures and Tenaya Capital. Today’s investment brings the total raised to $135 million, according to the company.

The valuation, which CEO and co-founder Andy Byrne pegged at around a half a billion, appears to be a hefty raise from what the company was likely valued at in 2018 after its $35 million Series C. As TechCrunch’s Ingrid Lunden wrote at the time:

For some context, Clari, according to Pitchbook, had a relatively modest post-money valuation of $83.5 million in its last round in 2014, so my guess is that it’s now comfortably into hundred-million territory, once you add in this latest $35 million.

Byrne says the company wasn’t even really looking for a new round, but when investors came knocking, he couldn’t refuse. “On the fundraise side, what’s really interesting is how this whole thing went down. We weren’t out looking, but we had a massive amount of interest from a lot of firms. We decided to engage, and we got it done in less than three weeks, which the board was kind of blown away by,” Byrne told TechCrunch.

What’s motivating these companies to invest is that Clari is helping to define this revenue operations category, and has attracted companies like Okta, Zoom and Qualtrics as customers. What they are providing is this AI-fueled way to see where the best sales opportunities are to drive revenue, and that’s what every company is looking for. At the same time, Byrne says that he’s moving companies away from a spreadsheet-driven record keeping system, enabling them to see all of the data in one place.

“Clari is allowing a rep to really understand where they should spend time, automating a lot of things for them to close deals faster, while giving managers new insights they’ve never had before to allow them to drive more revenue. And then we’re getting them out of ‘Excel hell.’ They’re no longer in these spreadsheets. They’re in Clari, and have more predictability in their forecasting,” he said.

Clari was founded in 2012 and is headquartered in Sunnyvale, Calif. It has more than 300 customers and just passed the 200 employee mark, a number that should increase as the company uses this money to begin to accelerate growth and expand the product’s capabilities.

Xage now supports hierarchical blockchains for complex implementations

Xage is working with utilities, energy companies and manufacturers to secure their massive systems, and today it announced some significant updates to deal with the scale and complexity of these customers’ requirements, including a new hierarchical blockchain.

Xage enables customers to set security policy, then enforce that policy on the blockchain. Company CEO Duncan Greatwood says as customers deploy his company’s solutions more widely, it has created a set of problems around scaling that they had to address inside the product, including the use of blockchain.

As you have multiple sites involved in a system, there needed to be a way for these individual entities to operate, whether they are connected to the main system or not. The answer was to provide each site with its own local blockchain, then have a global blockchain that acts as the ultimate enforcer of the rules once the systems reconnected.

“What we’ve done is by creating independent blockchains for each location, you can continue to write even if you are separated or the latency is too high for a global write. But when the reconnect happens with the global system, we replay the writes into the global blockchain,” Greatwood explained.

While classical blockchain doesn’t allow these kinds of separations, Xage felt it was necessary to deal with its particular kind of use case. When there is a separation, a resynchronization happens where the global blockchain checks the local chains for any kinds of changes, and if they are not consistent with the global rules, it will overwrite those entries.

Greatwood says these changes can be malicious if someone managed to take over a node or they could be non-malicious, such as a password change that wasn’t communicated to the global chain until it reconnected. Whatever the reason, the global blockchain has this power to fix the record when it’s required.

Another issue that has come up for Xage customers is the idea that majority rules on a blockchain, but that’s not always a good idea when you have multiple entities working together. As Greatwood explains, if one entity has 600 nodes and the other has 400, the larger entity can always enforce its rules on the smaller one. To fix that, they have created what they are calling a supermajority.

“The supermajority allows us to impose impose rules such as, after you have the majority of 600 nodes, you also have to have the majority of the 400 nodes. Obviously, that will give you an overall majority. But the important point is that the company with 400 nodes is protected now because the write to the ledger account can’t happen unless a majority of the 400 node customers also agrees and participates in the write,” Greatwood explained.

Finally, the company also announced scaling improvements, which reduce computing requirements to run Xage by 10x, according to the company.

Salesforce adds integrated order management system to its arsenal

Salesforce certainly has a lot of tools crossing the sales, service and marketing categories, but until today when it announced Lightning Order Management, it lacked an integration layer that allowed companies to work across these systems to manage orders in a seamless way.

“This is a new product built from the ground up on the Salesforce Lightning Platform to allow our customers to fulfill, manage and service their orders at scale,” Luke Ball, VP of product management at Salesforce told TechCrunch.

He says that order management is an often-overlooked part of the sales process, but it’s one that’s really key to the whole experience you’re trying to provide for your customers. “We think about advertising and acquisition and awareness. We think about creating amazing, compelling commerce experiences on the storefront or on your website or in your app. But I think a lot of brands don’t necessarily think about the delivery experience as part of that customer experience,” he said.

The problem is that order management involves so many different systems along with internal and external stakeholders. Trying to pull them together into a coherent system is harder than it looks, especially when it could also involve older legacy technology. As Ball pointed out, the process includes shipping carriers, warehouse management systems, ERP systems and payment and tax and fraud tools.

The Salesforce solution involves a few key pieces. For starters there is order life cycle management, what Ball calls the brains of the operation. “This is the core logic of an order management system. Everything that extends commerce beyond the Buy button — supply chain management, order fulfillment, payment capture, invoice creation, inventory availability and custom business logic. This is the bread and butter of an order management system,” he said.

Lightning Order Management 7 LOM AppPicker bezel

Salesforce Lightning Order Management App Picker (Image: Salesforce)

Customers start by building visual order workflows. They can move between systems in an App Picker, and the information is shared between Commerce Cloud and Service Cloud, so that as customers move from sales to service, the information moves with them and it makes it easier to process inquiries from customers about an order, including returns.

Ball says that Salesforce recognizes that not every customer will be an all-Salesforce shop and the system is designed to work with tools from other vendors, although these external tools won’t show up in the App Picker. It also knows that this process involves external vendors like shipping companies, so they will be offering specific integration apps for Lightning Order Management in the Salesforce AppExchange.

The company is announcing the product today and will be making it generally available in February.

Flaw in Cyberoam firewalls exposed corporate networks to hackers

Sophos said it is fixing a vulnerability in its Cyberoam firewall appliances, which a security researcher says can allow an attacker to gain access to a company’s internal network without needing a password.

The vulnerability allows an attacker to remotely gain “root” permissions on a vulnerable device, giving them the highest level of access, by sending malicious commands across the internet. The attack takes advantage of the web-based operating system that sits on top of the Cyberoam firewall.

Once a vulnerable device is accessed, an attacker can jump onto a company’s network, according to the researcher who shared their findings exclusively with TechCrunch.

Cyberoam devices are typically used in large enterprises, sitting on the edge of a network and acting as a gateway to allow employees in while keeping hackers out. These devices filter out bad traffic, and prevent denial-of-service attacks and other network-based attacks. They also include virtual private networking (VPN), allowing remote employees to log on to their company’s network when they are not in the office.

It’s a similar vulnerability to recently disclosed flaws in corporate VPN providers, notably Palo Alto Networks, Pulse Secure and Fortinet, which allowed attackers to gain access to a corporate network without needing a user’s password. Many large tech companies, including Twitter and Uber, were affected by the vulnerable technology, prompting Homeland Security to issue an advisory to warn of the risks.

Sophos, which bought Cyberoam in 2014, issued a short advisory this week, noting that the company rolled out fixes on September 30.

The researcher, who asked to remain anonymous, said an attacker would only need an IP address of a vulnerable device. Getting vulnerable devices was easy, they said, by using search engines like Shodan, which lists around 96,000 devices accessible to the internet. Other search engines put the figure far higher.

A Sophos spokesperson disputed the number of devices affected, but would not provide a clearer figure.

“Sophos issued an automatic hotfix to all supported versions in September, and we know that 99% of devices have already been automatically patched,” said the spokesperson. “There are a small amount of devices that have not as of yet been patched because the customer has turned off auto-update and/or are not internet-facing devices.”

Customers still affected can update their devices manually, the spokesperson said. Sophos said the fix will be included in the next update of its CyberoamOS operating system, but the spokesperson did not say when that software would be released.

The researcher said they expect to release the proof-of-concept code in the coming months.

Top VCs, founders share how to build a successful SaaS company

Last week at TechCrunch Disrupt in San Francisco, we hosted a panel on the Extra Crunch stage on “How to build a billion-dollar SaaS company.” A better title probably would have been “How to build a successful SaaS company.”

We spoke to Whitney Bouck, COO at HelloSign; Jyoti Bansal, CEO and founder at Harness, and Neeraj Agrawal, a partner at Battery Ventures to get their view on how to move through the various stages to build that successful SaaS company.

While there is no magic formula, we covered a lot of ground, including finding a product-market fit, generating early revenue, the importance of building a team, what to do when growth slows and finally, how to resolve the tension between growth and profitability.

Finding product-market fit

Neeraj Agrawal: When we’re talking to the market, what we’re really looking for is a repeatable pattern of use cases. So when we’re talking to prospects — the words they use, the pain point they use — are very similar from call to call to call? Once we see that pattern, we know we have product-market fit, and then we can replicate that.

Jyoti Bansal: Revenue is one measure of product-market fit. Are customers adopting it and getting value out of it and renewing? Until you start getting a first set of renewals and a first set of expansions and happy successful customers, you don’t really have product-market fit. So that’s the only way you can know if the product is really working or not.

Whitney Bouck: It isn’t just about revenue — the measures of success at all phases have to somewhat morph. You’ve got to be looking at usage, at adoption, value renewals, expansion, and of course, the corollary, churn, to give you good health indicators about how you’re doing with product-market fit.

Generating early revenue

Jyoti Bansal: As founders we’ve realized, getting from idea to early revenue is one of the hardest things to do. The first million in revenue is all about street fighting. Founders have to go out there and win business and do whatever it takes to get to revenue.

As your revenue grows, what you focus on as a company changes. Zero to $1 million, your goal is to find the product-market fit, do whatever it takes to get early customers. One million to $10 million, you start scaling it. Ten million to $75 million is all about sales, execution, and [at] $75 million plus, the story changes to how do you go into new markets and things like that.

Whitney Bouck: You really do have to get that poll from the market to be able to really start the momentum and growth. The freemium model is one of the ways that we start to engage people — getting visibility into the product, getting exposure to the product, really getting people thinking about, and frankly, spreading the word about how this product can provide value.

48833421487 5933a39235 k

Photo: Kimberly White/Getty Images for TechCrunch

 

The Good, the Bad and the Ugly in Cybersecurity – Week 41

Image of The Good, The Bad & The Ugly in CyberSecurity

The Good

Governments using mass surveillance to monitor and control the public is, unfortunately, no longer a theoretical fear born out of reading too much George Orwell, but something that is a fact of life for many. Good news for civil liberties, then, that California this week took a decisive step in favor of protecting citizens’ right to privacy by banning law enforcement officers from using facial recognition in body cams. Dragnet surveillance that is “the functional equivalent of requiring every person to show a personal photo id card at all times” was called out as “a violation of recognized constitutional rights” and can be used to track individuals and their personal associations without their consent. Aside from concerns about the use and security of massive databases cataloging the lives of law-abiding citizens, the bill also recognizes that facial recognition technology has a high rate of “false positives” that could pose elevated risks to people misidentified as someone else.

image of body cams tweet

The Bad

A Bonjour vulnerability allowed BitPaymer ransomware to target Windows machines that have, or once had, Apple’s iTunes or iCloud for Windows installed. The Bonjour updater used an unquoted string to specify the path to an executable in the C:Program Files directory. Without quotes, the space in the path name causes the program to ignore the rest of the path after the space, and therefore to look for and execute anything at C:Program. By placing a malicious executable at just that path, the attackers were able to manipulate the Bonjour updater to spawn their own code as a child process of a legitimate system process. That didn’t give the attackers elevated privileges, but it was enough to bypass certain types of legacy security solutions that whitelist execution chains of signed software. It just goes to show that whitelisting based on identity has a habit of coming back to bite you in the end. 

There’s a kicker, too, for those that are feeling safe on account of having uninstalled the Apple apps in the past: even if iTunes and iCloud for Windows have been uninstalled, the device could still be vulnerable to the exploit as Bonjour is a different component and needs to be separately removed. For those that haven’t uninstalled the Apple programs and the Bonjour updater, updating iTunes or iCloud for Windows to the latest version will also patch the Bonjour vulnerability.

image of apple bonjour vulnerabilitySource

The Ugly

US companies have long had to tread a fine line when it comes to trading in China. After the Eastern superpower this week pressurized the NBA over its perceived support of Hong Kong protesters, Apple were next in line to feel the squeeze as the economic giant criticized the Californian tech company for hosting the HKmap.Live app on its App Store. Stating reasons widely disputed by protesters on the ground and in conflict with the app’s apparent functionality, Apple CEO Tim Cook pulled the app from the store, claiming it was being used to target individual police officers and to victimize residents. Banning the app, which has both an online and Android counterpart, is unlikely to have any real impact on the running battles between protesters and police, critics say. However, Apple’s willingness to cite uncorroborated claims from Hong Kong authorities as the reason for their decision has caused dismay among those who feel US companies bow a little too readily to Chinese censorship.

image from hk live website


Like this article? Follow us on LinkedIn, Twitter, YouTube or Facebook to see the content we post.

Read more about Cyber Security