TIME Security

WikiLeaks Creates Online Archive of Hacked Sony Documents

Ecuador's Foreign Minister Ricardo Patino, left, and WikiLeaks founder Julian Assange speak during a news conference inside the Ecuadorian Embassy in London on Aug. 18, 2014 (John Stillwell—AP)

WikiLeaks posted more than 170,000 emails from Sony Pictures and a subsidiary into a searchable online archive

(NEW YORK) — Sony’s hacking problems aren’t over yet.

Whistleblower site WikiLeaks on Thursday put hundreds of thousands of emails and documents from last year’s crippling cyberattack against Sony Pictures Entertainment into a searchable online archive. It’s the latest blow for the entertainment and technology company struggling to get past the attack, which the company estimates caused millions in damage.

The website founded by Julian Assange said that its database includes more than 170,000 emails from Sony Pictures and a subsidiary, plus more than 30,000 other documents.

Sony Pictures blasted WikiLeaks for creating the archive, saying the website was helping the hackers disseminate stolen information.

“We vehemently disagree with WikiLeaks’ assertion that this material belongs in the public domain,” the company said in a statement.

But Assange said the documents should be available to the public. Although they had been online, they were in a compressed format that wasn’t easily searchable.

“This archive shows the inner workings of an influential multinational corporation,” Assange said. “It is newsworthy and at the center of a geo-political conflict. It belongs in the public domain. WikiLeaks will ensure it stays there.”

The WikiLeaks site lets users find emails, documents or an entire cache of files through searches using keywords, people who sent or received emails and types of files. The site made a name for itself in 2010 when it began publishing diplomatic cables leaked by Chelsea Manning, formerly known as Bradley Manning.

Assange is currently battling a detention order in Sweden, where he is wanted by prosecutors in an investigation of alleged sex crimes. He has avoided being extradited to Sweden by taking shelter in the Ecuadorean Embassy in London since 2012.

Sony Pictures’ troubles began last December after it suffered an extensive hacking attack and release of confidential emails ahead of its release of “The Interview,” a comedy that centers around the assassination of North Korean leader Kim Jong Un. A group calling itself Guardians of the Peace took credit for the attack, and U.S. intelligence officials said the group was linked to North Korea, but no official link has been made.

The attack exposed tens of thousands of sensitive documents, including studio financial records, employment files and emails between Sony executives. Some emails revealed exchanges between Oscar-winning producer Scott Rudin and Sony Pictures’ co-chair Amy Pascal that contained a frank assessment of Angelina Jolie’s talent and racially offensive jokes about President Barack Obama’s presumed taste in movies. The company announced in February that Pascal would transition to a job as the head of a new production venture at the studio.

Sony Pictures at first shelved “The Interview,” but it was later opened in a limited release.

The studio’s parent, Tokyo-based Sony Corp., launched an overhaul of its own security in 2011 after hackers broke into its PlayStation Network gaming system and stole data of 77 million users.

TIME Innovation

Five Best Ideas of the Day: April 15

The Aspen Institute is an educational and policy studies organization based in Washington, D.C.

1. The U.S. is safer than we’ve been in generations. So why do we see threats around every corner?

By Stephen Kinzer in the Boston Globe

2. Is college worth it? There’s a checklist for that.

By Brandon Busteed at Gallup

3. Life is teaching your kid the value of white lies.

By Melissa Dahl in the Science of Us

4. The secret to success for unregulated currencies like Bitcoin might be more regulation.

By Larry Greenemeier in Scientific American

5. Scotland’s new drunk-driving law works so well, it’s hurting their economy.

By Chris Green in the Independent

TIME Ideas hosts the world's leading voices, providing commentary and expertise on the most compelling events in news, society, and culture. We welcome outside contributions. To submit a piece, email ideas@time.com.

TIME celebrities

Alyssa Milano Had Her Breast Milk Confiscated by British Airport Staff

Alyssa Milano arrives at the LA premiere of Get Hard at the TCL Chinese Theatre on March 25, 2015, in Los Angeles (Rich Fury — AP)

Apparently it's a security risk

Charmed and Mistresses actress Alyssa Milano lambasted officials at London’s Heathrow Airport on Tuesday, reports ABC, after 10 oz. of her own pre-expressed breast milk were taken from her as she passed through security.

“Every ounce of milk I’m able to produce for my child is nothing short of a miracle and to watch that milk be thrown away without any regard for my baby, was heartbreaking,” said Milano.

According to Heathrow’s screening protocol, passengers traveling with a baby or infant are supposed to be allowed to “carry a reasonable amount” of breast milk through security.

Milano conceded that security staff were “following orders to keep us all safe.” But the actress said she hopes the policy undergoes a “thoughtful consideration.”

TIME Security

Captain Sully: Pilots Need To Feel Safe Admitting Mental Illness

Chesley B. “Sully” Sullenberger III is a retired US Airways captain, the CBS News Aviation and Safety Expert, speaker, author, and CEO of Safety Reliability Methods, Inc.

We need a system that combines screening, self-reporting—and a healthy dose of realism

Last week’s plane crash in the French Alps was one of the most horrific and disturbing in the history of aviation — certainly one of the worst I have seen during my nearly five decades as a pilot, much of that as an aviation and safety expert.

I can only imagine the grief family members and friends must be experiencing since Germanwings Flight 9525 slammed into a mountainside on March 24, resulting in the death of all 150 aboard.

But I think I speak for many Americans when I say there was also something uniquely unsettling about this tragedy because it appears to have resulted from a deliberate action by the copilot of that flight.

The questions this raises are big ones: How could something like this occur? And what must we do to prevent anything like it from happening again?

Some things are clear: Pilots who are not fit to fly should not fly. Passengers trust that pilots will keep them safe, and thousands of aviation professionals prove themselves competent, reliable, and worthy of that trust many times every day.

The airline industry also has screening processes and an exemplary safety record. The U.S. requires extensive training for commercial pilots, and regular checkups and medical disclosures. Airline pilots are the most scrutinized professionals (much more so than medical practitioners) and for good reason.

But there are areas in which we must do better.

One needed long-term measure is including lavatories inside the cockpit area so pilots do not need to step outside.

Another more immediate measure is to greatly increase the rate of self-reporting of mental health issues, such as depression. Current screening and checkups are not enough, especially given that little screening is done after a pilot is hired.

More than 40 years of experience with safety reporting systems has revealed there is some critical safety information that cannot be gleaned in any other way than self-reporting. And as The Wall Street Journal recently reported, there are limits to what screening can reveal.

Even with required disclosure of disqualifying conditions and doctor visits, and stiff penalties for failure to disclose, self-reporting rates are thought to be low. To correct this, we must remember the vital role of trust in this industry. The public must be able to trust pilots, and pilots must be able to trust that they will be treated justly and not punitively should they develop a mental health problem. Rigid new rules would only keep mental health issues underground, where they can never be solved.

Airline companies, pilots’ unions, and aviation regulators must form an effective partnership so aviation professionals can have the confidence to self-report, get the help they need, and when their condition is resolved, return to work.

In the U.S., we have long enjoyed two airline safety advantages. One is that, until recently, about 75% of newly hired airline pilots were previously military aviators. They proved themselves in the most rigorous, disciplined, and demanding flight operations in the world even before being screened by airlines.

A second is that airline hiring and training standards have been high enough that most non-military pilots have had extensive experience and been screened by multiple employers before being hired by an airline. (The copilot on the Germanwings flight could not have been an airline pilot in the U.S. because he lacked the 1,500 hours of flight experience required to have an Airline Transport Pilot certificate.)

Today, far fewer newly hired pilots now have prior military experience, which means that we need an ever more robust system that combines screening, self-reporting — and a healthy dose of realism.

Depression is a common mood disorder, and we cannot think that because a pilot has not experienced it in the past, he or she never will do so in the future.

I spoke with Stuart Eisendrath, MD, Director of the UCSF Depression Center, who said, “Self-reporting of symptoms is the most important way to diagnose depression.” With appropriate treatment, he added, depression does not have to be career-ending. “But having an open environment to raise the diagnosis of depression is an important step in this process.”

Until 2010, the Federal Aviation Administration took a hard line on mood disorders: One depressive episode could be career-ending. It now takes a more enlightened approach, offering a few more options for pilots to seek treatment. But we must do everything possible to ensure that all the elements that go into ensuring passenger safety fit together within a culture that makes them effective.

Let us move forward in honoring the victims of this tragedy by having a global conversation about how to ensure that all such standards and best practices are complied with in every profession where people’s safety is on the line.

TIME Security

Airline Captain: Don’t Lose Faith in Pilots

Captain Tom Bunn is a former pilot, licensed therapist, and founder of SOAR, a program that provides treatment for the fear of flying.

Pilots really do deserve your trust

Though it has happened only once in recent years, once is all it takes to destroy trust. In aviation, we know failures are possible. Safety depends on always being prepared and having a backup system for anything that might go wrong during flight. Yet European airlines were not prepared for what happened on Germanwings Flight 9525.

In the United States, when a pilot needs to leave the cockpit, a flight attendant is called in. If the pilot at the controls were to disable the cockpit door’s electronic keypad, the flight attendant could open the door by hand. This simple measure would have made the Germanwings tragedy impossible. This protocol is now being rushed into place.

Intellectually, we can understand that this problem does not exist in the United States. We can recognize that it is being fixed elsewhere. Emotionally, though, the unspeakable has happened. A pilot appears to have intentionally flown himself and 149 passengers to their deaths. Now that this has happened, how can any pilot be trusted? Pilots will be occupationally profiled. We will be viewed with suspicion.

We pilots have lost something that will take time to regain. But there is no need for increased anxiety if the flying public understands this cannot happen again. When we ponder an upcoming flight, it’s as if we open a file folder in our mind titled, “Awful Things That Could Happen To Me If I Fly.” How many crashes does the folder contain? When it comes to anxiety, the fewer the better. Each disaster we bring to mind triggers the release of stress hormones. The more stress hormones, the more anxiety. This crash does not belong in the folder. Once the two-person cockpit rule is fully implemented, a tragedy like this cannot happen again.

To avoid unnecessary anxiety, reduce the amount of stress hormone released when you think of flying. Cull out the crashes in your file folder that are unrelated to your flying experience. The crash of an airline you first heard of when it crashed doesn’t belong in your folder. A crash in some part of the world where you never fly doesn’t belong in your folder. Nor do crashes of military or private planes.

In time, pilots will regain your confidence. It won’t require a public-relations campaign. Renewed confidence will come via the real thing, such as Captain Chesley Sullenberger’s “Miracle on the Hudson,” or Frontier Airlines Captain Gerhard Bradner’s ordering pizza for 157 passengers when facing a lengthy departure delay due to weather, or JetBlue Captain Scott Burke’s landing at LAX with a cocked nose gear.

Pilots really do deserve your trust. If you’re anxious about the pilots on your flight, ask the gate agent to let you board early. Once onboard, ask a flight attendant to check with the captain to see if you can visit the cockpit while passengers are boarding and say, “Hello.” A few moments face-to-face will tell you everything you need to know.

TIME Security

Former TSA Head: ‘We Should Take the Germanwings Tragedy as a Warning’

People stand in front of candles and flowers placed in front of the Joseph-Koenig-Gymnasium in Haltern, Germany, March 24, 2015. (Imago/Zumapress)

Kip Hawley is the former administrator of the TSA and the author of "Permanent Emergency: Inside the TSA and the Fight for the Future of American Security."

What do we do against an enemy whose intent remains invisible until it's too late?

Finding meaning or solace in the Germanwings tragedy may prove elusive. We should, however, use this horrifying moment to reflect on whether there are lessons here that could enable us to make corrections in our security strategy. I think that there are at least three points highlighted by this tragedy that are worthy of consideration:

  1. Detecting evil intent before the evil action begins is extremely difficult
  2. Counter-measures designed to stop an attack in progress are less effective than those aimed at disrupting a plot before it is operational
  3. Independent, overlapping layers of security are essential in stopping attacks from unexpected directions

It is not clear yet where the Germanwings crash fits in the taxonomy of “safety” versus “security” incidents; the pilot’s motives are simply not known. But we can imagine the same scenario — one person at the controls, locking everyone else out — playing out with a terrorist in the cockpit and a major city as the crash site. The “safety” mitigation measures here are robust and long-standing. Pilots are carefully vetted and assessed by civil aviation authorities, their airlines, and co-workers. In this case, that was not enough. The “security” measures didn’t do any better in stopping this incident, as the reinforced cockpit door, of the type adopted after 9/11, worked as an unintended hindrance.

Obviously, we all want to trust our pilots; and, of course, in the vast majority of circumstances we can. But we also know that it is exactly those “trusted” nodes in our security systems that make us most vulnerable when they don’t act the way we expect them to. The Germanwings tragedy puts this fact directly in front of us.

It is not enough to scale-up background checks to combat insider threats. Pre-9/11 security clearances and law enforcement checks were heavily based on the idea of prior performance predicting future activity. Today’s terrorist or mass murderer knows full well that we still hold to that premise. We can pretty much assume that attacks today will be delivered by people who can and have passed background checks. We do not understand ahead of time what drives people to commit acts of mass violence or terrorism, therefore we cannot isolate the traits that reliably predict them.

What do we do against an enemy whose intent remains invisible until it’s too late? Layers of security that act independently from each other are where we need to concentrate. We must continue our investment in intelligence and all the systems that work together ahead of time that might highlight an anomaly — whether it be psychological screening of pilots and crew or behavioral detection at the airport and on the plane. Teamwork among employees, companies, families, authorities, and passengers is the key. The answers involve people, not more hardware or technology.

One layer of security now under pressure at home is the Federal Air Marshal (FAM) program. Misbehavior by some in the FAM program and a buzz about various personnel grievances do not take away from the fact that FAMs represent the most effective and flexible weapon in TSA’s toolkit. If the equivalent of a FAM team was aboard the Germanwings plane, would the result have been different? Maybe. The point is that FAMs, working undercover in airports, boarding areas, and on flights provide a layer of security that is unmatched as far as stopping unexpected attacks while they are unfolding. VIPR teams, where FAMs are very visible, operate thousands of missions a year throughout the transportation system — again, disrupting a planner who thinks that any part of the network is uncovered. Fix the program, but let’s stop talking about diminishing the role of Federal Air Marshals.

Our security risk environment is at an all-time high. Just because the Germanwings tragedy may not be a classic “terrorist” attack, we should not dismiss it when it comes to evaluating our security framework. We can, and should, take it as a warning and heed its lessons.

TIME Security

Former NTSB Chairman: ‘We Need Cameras in the Cockpit’

A helicopter flies overhead as rescue workers work at the crash site of Germanwings passenger plane near Seyne-les-Alpes, France, on March 26, 2015. (Laurent Cipriani–AP)

Jim Hall is a former chairman of the National Transportation Safety Board.

We need cameras in the cockpit—and two crew members at all times

The tragic crash of Germanwings Flight 9525 has left the world in mourning. The 150 victims hailed from 18 different countries, including the United States. Right now, the families of the deceased and those investigating the accident are urgently trying to figure out what went wrong. One portion of the crucial black boxes, the cockpit voice recorder, though badly damaged, has been recovered and apparently reveals that the co-pilot was responsible for intentionally crashing the aircraft.

Due to the rugged and inaccessible terrain of the crash site and the high speed of impact, investigators are having a difficult time finding the flight data recorder. Unlike crashes over water, when an aircraft crashes over land, the pingers attached to the black box do not assist in locating the device. These black boxes will have to be recovered by rummaging through the wreckage on site.

When investigators do find the flight data recorder, essential details of Germanwings 9525’s descent will be available, and a full picture of the crash will be drawn. But because this appears to be an intentional act, we will never truly understand the motive of the co-pilot. There is no black box for the mind.

During my time as chairman of the National Transportation Safety Board, I led multiple investigations into commercial airliners being intentionally flown into the ground. This history of pilots committing suicide by crashing their planes dates back to the Japanese kamikaze pilots in World War II and continues to this day with the crashes of Mozambique Airlines Flight 470 in 2013, EgyptAir Flight 990 in 1999, and SilkAir Flight 185 in 1997. While checking on the emotional state of pilots is imperfect, it does occur. Pilots are screened during the hiring process: The Transportation Security Administration checks applicants’ backgrounds against terror watch-lists. Pilots are asked to disclose suicide attempts or any other psychological problems during their Federal Aviation Administration-mandated yearly physical exams. The FAA also asks doctors to form a general impression of the pilots’ emotional states. But it can be difficult to diagnose and identify emotional problems, especially if a pilot is not forthcoming.

There are two simple solutions to the problem of unstable pilots. The first is a recommendation made by the NTSB 15 years ago and renewed in January: Require cameras in the cockpit. Currently, the cockpit voice recorder allows investigators to listen to the cockpit. But without video, they cannot fully understand the actions of the pilots or make safety enhancements to prevent similar events from occurring in the future.

The second solution is to require at least two crew members in the cockpit at all times. During the crashes of the Mozambique Airlines, EgyptAir, and SilkAir flights, co-pilots compromised the aircraft while their partners left the cockpit, deliberately crashing the aircraft and leaving hundreds dead. We still do not know what happened to Malaysia Airlines Flight 370, and an intentional crash is possible in that case, as well. In the U.S., standard policy is that a flight attendant enters the cockpit if a pilot steps out. If two members of the flight crew were present in the cockpit, it is possible these tragedies, as well as Germanwings Flight 9525, could have been prevented.

Flying is an extraordinarily safe form of transportation. The United States government and the aviation community have done an extraordinary job of ensuring the safety of the flying public. But the safety of flying is constantly evolving and can always be improved. The Germanwings tragedy manifests a loophole in safety procedures and must be rectified by requiring cameras and two members of the flight crew in the cockpit.

You’ll Be Freaked Out to Learn How Often Your Apps Share Your Location

Most of us are unaware of just how much location sharing is going on with our smartphones.

Even for researchers experienced at examining technology that might be invasive, this warning was alarming: “Your location has been shared 5,398 times with Facebook, Groupon, GO Launcher EX and seven other apps in the last 14 days.”

The warning was sent to a subject as scientists at Carnegie Mellon University were studying the impact of telling consumers how often their mobile phones shared their location and other personal data. Software was installed on users’ phones to better inform them of the data being sent out from their gadgets, and to offer a “privacy nudge” to see how consumers reacted. Here’s how one anonymous subject responded when informed a phone shared data 4,182 times:

“Are you kidding me?… It felt like I’m being followed by my own phone. It was scary. That number is too high.”

Mobile phone users are told about the kinds of things that might be shared when they install apps on their phones, but they have a tendency to “set and forget” the options. That means a single privacy choice, usually made in haste when clicking “install,” governs thousands of subsequent privacy transactions.

“The vast majority of people have no clue about what’s going on,” said Norman Sadeh, a professor in the School of Computer Science’s Institute for Software Research, who helped conduct the study.

But when consumers are reminded about the consequences of choices they make, “they rapidly act to limit further sharing,” the researchers found.

The study covered three weeks. During week one, app behavior data was merely collected. In week two, users were given access to permissions manager software called AppOps. In week three, they got the daily “privacy nudges” detailing the frequency at which their sensitive information was accessed by their apps.

Researchers found that the privacy managing software helped. When the participants were given access to AppOps, they collectively reviewed their app permissions 51 times and restricted 272 permissions on 76 distinct apps. Only one participant failed to review permissions. The “set and forget” mentality continued, however. Once the participants had set their preferences over the first few days, they stopped making changes.

But privacy reminders helped even more. During the third week, users went back and reviewed permissions 69 times, blocking 122 additional permissions on 47 apps.

Nudges Lead to Action

“The fact that users respond to privacy nudges indicates that they really care about privacy, but were just unaware of how much information was being collected about them,” Sadeh said. “App permission managers are better than nothing, but by themselves they aren’t sufficient … Privacy nudges can play an important role in increasing awareness and in motivating people to review and adjust their privacy settings.”

Of course, it’s hard to say if the research participants would have kept futzing with their privacy settings, even inspired by nudges, as time wore on. Sadeh suspected they would not: Privacy choices tend to wear people down. Given the new types and growing numbers of apps now in circulation, “even the most diligent smartphone user is likely to be overwhelmed by the choices for privacy controls,” the study’s authors said.

The findings will be presented at the Conference on Human Factors in Computing Systems in Seoul, South Korea, next month. The research is supported by the National Science Foundation, Google, Samsung and the King Abdulaziz City for Science and Technology.

For now, what can smartphone users do to better protect themselves? It’s not easy. For example: A study by IBM earlier this year found that roughly two-thirds of dating apps were vulnerable to exploitation, and in many cases, would give attackers location information. The AppOps software used in the Carnegie Mellon study used to be available to Android users, but was pulled by Google in 2013. The firm said the experimental add-on to the Android operating system had a tendency to break apps. So Android users are left to manually review app permissions one at a time — not a bad way to spend time the next time you are waiting for a bus. It’s always a good idea to turn off location sharing unless you know the software really needs it, such as map applications. IPhone users have the benefit of privacy manager software, but it doesn’t offer great detail on how data is used, and it doesn’t offer privacy nudges or any other kinds of reminders. A manual review is best for iPhone users, too.

This article originally appeared on Credit.com.

MONEY Security

Why Your Smile Might Be Your Next Password

Online services and tech manufacturers are turning to biometrics for verification. You can use your hands, face — even your voice — to log in.

MONEY identity theft

Yahoo Gets Rid of Passwords

Yahoo! screen on mobile phone (Anatolii Babii—Alamy)

The tech giant offers a new way to sign into your email account.

If you use Yahoo, you can quit trying to remember your password or having to change it every time a company you do business with is hacked.

The tech company on Sunday announced that it is now offering “on-demand” email passwords that will be sent to you via your cellphone.

The process is similar to “two-step verification” security models already used by other businesses, which require you to enter a fixed password first, followed by another code sent to you by the company via text message. Yahoo’s system skips that whole first step.

At its unveiling Sunday at the South by Southwest festival in Austin, company vice president Dylan Casey called this “the first step to eliminating passwords,” and said he doesn’t think the industry “has done a good enough job of putting ourselves in the shoes of the people using our products,” according to a report by the Guardian.

The company also released a blog post detailing exactly how to sign up for the optional service, which is currently available only in the United States.

Learn more about why to set up two-factor authentication and how to protect your online money accounts here. And until you do, use this handy chart to create a harder-to-crack password that you can still remember.
