Fast Company

The chain is launching a smartphone app that turns science fiction into reality.

Lowe's may not be where most people would expect to find a cutting-edge augmented reality app.

But later this year, the home-improvement company plans to release Lowe's Vision, an app for Google's 3-D smartphone platform Tango that will let customers visualize how new furniture and appliances will look in their homes. It will even take accurate measurements through augmented reality, which means that you can go from mapping out your room to browsing a filtered selection of Lowe's products without having to put down your phone to wrestle with a tape measure.

"Having those measurements allows you to search by the space," says Lowe's Innovation Labs executive director Kyle Nel. "For instance, if the space in your kitchen for your fridge is only a certain size, why would we show you all of the different fridges that don't fit in that space?"

If Lowe's seems like an unlikely place to find such an app, it may be even more surprising to learn that inspiration for the technology came from a comic book.

According to Nel, the North Carolina-based chain actively works with science-fiction writers and illustrators to turn emerging trends that could affect its business into narratives in graphic novel form, which in-house research teams then use to keep market strategies up to date.

"We hire professional, published science-fiction writers and give them all of our marketing research and trend data," says Nel. "There's a whole rigor and process to this, but then they come back with the probable, possible convergence of people trends and tech trends, and what that might look like."

One such storyline focused on virtual and augmented reality, which led to Lowe's Vision.

"When we did this story, it was way before Oculus Rift came out—this was way, way back when nobody was really talking about VR/AR in any meaningful way," Nel says. "And since then, we've been iterating a number of times to help achieve that vision."

The company previously launched Lowe's HoloRoom, which lets customers in select stores visualize customized bathrooms and kitchens through Google Cardboard or Oculus Rift virtual reality headsets. Customers who used this program could experience holographic virtual remodels through Microsoft's HoloLens platform.

"As the technology's improved, it's gotten so much easier to use and so much more intuitive. And you can see that people are more and more engaged over time as a result of that," Nel says.

In addition to launching the Vision app, Lowe's will also be offering Lenovo's Phab 2 Pro phone, expected to be the first commercially available smartphone that supports Google's Tango technology. This is the first time that Lowe's is selling a cell phone, and Nel says the app's capabilities make the device a natural offering for the store.

"The way we think about it is, it's a digital power tool," he says. "It's an incredible phone, but it does so many things that if you're going to be making a major remodel, spending $500 to really make sure that you're visualizing your space and doing all the measurements, for most people we think it will definitely be worth it."

Since Lowe's Vision relies on the Tango platform's 3D orientation technology, it will only be available for Tango-enabled phones, starting with the Phab 2 Pro. (Google's developer kit models will also work, but those are designed for software professionals, not consumers.) The app will even be able to detect and measure flat surfaces like floors, ceilings, and walls, which should help users visualize—and even price—new tile or other flooring materials, Nel says.

"You can even lay virtual objects on top of that tile or that virtual flooring and just iterate over and over and over again, all while choosing to leave—if you want—the actual existing stuff. So you can go around, like, a fireplace if you want," he says.

And if customers go to a brick-and-mortar Lowe's store, the app will help them navigate the aisles housing the merchandise they've previewed on their phones and provide customer reviews.

Lowe's Vision won't be the chain's last foray into virtual and augmented reality, which Nel says the company is committed to "for the long haul."

"We're at this interesting time where we can build things that nobody would have expected a Lowe's to build or be first in the world with," he says. "Because Lowe's is Lowe's, we have the opportunity to provide these technologies to everyone in a real-world setting."

Questions after the recent bombing in Baghdad underscore the tightrope Facebook walks as it transforms into a humanitarian crisis tool.

Last week, within hours of deadly terror attacks in Istanbul and Dhaka, Facebook activated its Safety Check feature, marking roughly three dozen times that the company has let people in the area of a disaster instantly tell their friends and relatives if they were safe.

But after Sunday's deadly truck bombing in Baghdad, striking a crowded shopping district and killing at least 250, a secondary outrage grew online: Facebook didn't activate the feature for users in Baghdad until the following day, July 4th, at 6:55pm local time.

"The Facebook's safety check-in for Baghdad comes about 30 hours late from the actual explosions," Razbar Sulaiman, a hackathon organizer and UN specialist who lives in Iraqi Kurdistan, wrote in a blog post, echoing frustrations on social media. "Did it seriously take 30 hours after the explosions to create/consider the safety check-in? I'm extremely disappointed."

Initially, a Facebook spokesperson told Politico that the feature was not deployed following the bombing on Sunday, because "she noted the feature is not used during longer-term crises, like wars or epidemics, because such emergencies have no clear start or end, making it difficult to determine when an individual is 'safe.'"

In an email to Fast Company, however, a spokesperson confirmed that Safety Check did roll out in Baghdad on Monday, but that it was triggered due to a feature introduced last month, "community-generated Safety Check," which is intended to initiate the Safety Check process after a critical mass of users are discussing a crisis on the network, rather than requiring an engineer or employee to begin the process.

"In June we began testing features that allow people to both initiate and share Safety Check on Facebook," she said, adding that the Safety Check sent out in Orlando last month after the deadly nightclub shooting there was also community-generated.

Marcy Scott Lynn, of Facebook's Global Public Policy team, added more detail in an email on Wednesday: "While we have improved the launch process to make it easier for our own team to activate more frequently and faster, we believe that we can make Safety Check even more relevant for people when they need and want it most by empowering communities to identify and elevate local incidents."

The new feature—and the confusion about how Safety Check was activated in Baghdad—reflects the challenges Facebook faces as it seeks to play a larger role in humanitarian crises.

Facebook's public issues with Safety Check are a "great example of unintended consequences," says Timothy Coombs, a professor and crisis expert at Texas A&M University."The company is not in the emergency notification business. It is a sideline, not their core business, so we should not expect them to carefully sort through every global event. The community-based idea takes that decision making and responsibility out of their hands."

Safety Check allows Facebook to push a message following a disaster to users who are in the affected area, asking, "Are you safe?"; Their replies are then automatically distributed to their networks and prominently displayed.

The project is managed by Facebook's Social Good team, which organizes a number of other Facebook safety and humanitarian efforts, like a digital Amber alert system and a charitable donation system. A Facebook intern began developing Safety Check at an internal hackathon after seeing Japanese residents turn to social media to communicate with loved ones after that country's 2011 earthquake and tsunami.

So far, about a billion people have received such notifications since the feature was first used in 2014, after the Philippines was struck by Hurricane Ruby, according to the company. Recently it's expanded its use from natural disasters to incidents of terrorism, beginning with the deadly attacks in Paris in November.

"The Safety Check stuff that we've done, where 150 million people were notified of their friends being safe in the [Nepal] earthquake," CEO Mark Zuckerberg told Fast Company's Harry McCracken last year, "you can only do that if you've mapped out what people's relationships are, and you have a sense of where people are in the world, and you have a tool that they're checking every day."

Between January and May 2016, Facebook activated Safety Check 17 times, compared with 11 times in 2014 and 2015 combined. Via Facebook

After deploying Safety Check in response to the attacks in Paris, the company won praise for enabling people to quickly and easily notify their contacts that they were safe. But others criticized Facebook for not deploying the feature when, just a day before the Paris attacks, a pair of suicide bombers killed dozens in Beirut.

"Since we activated Safety Check in Paris, we have heard positive feedback about how reassuring it is to receive notifications that a friend or loved one is safe,"wrote Alex Schultz, the company's vice president of growth, in a blog post last year. "I personally have received several from people I know and love and have felt firsthand the impact of this tool. But people are also asking why we turned on Safety Check in Paris and not other parts of the world, where violence is more common and terrible things happen with distressing frequency."

Schultz and, in a separate post, Zuckerberg, explained that the policy had initially been to use the feature solely for natural disasters, until the company noticed a burst of activity on the social network after the Paris attacks.

"There has to be a first time for trying something new, even in complex and sensitive times, and for us that was Paris," wrote Schultz.

The challenges of running Safety Check aren't just political, but technical. As Facebook has sought to enable the backend to more efficiently locate people in the area of a disaster, the scale and speed required has been a test for the company's infrastructure and automated systems. How, for instance, to push the feature quickly to all the people likely to be in an affected area? "Previous activations have ranged from a small city in Canada with only 60,000 residents to more than 20 million people in Ecuador after an earthquake. We needed an approach that could handle this range of population sizes with both accuracy and speed, but also remain stable and ready to launch at a moment's notice,"engineer Peter Cottle wrote last month.

His team had to figure out how to prevent the system from overload. "While the above process is quite effective in practice, it could quickly schedule an enormous number of jobs, depending on the size of the affected area and the density of the social graph. If we were to assume that each person on Facebook has 500 friends, we could be scheduling more than 125 million jobs after just three levels of graph traversal. To our automated systems, this would look like the job was growing out of control." That meant locating users likely to be affected by a disaster through their social networks—checking friends of those already determined to be in the area—at a rate fast enough to be effective but not so speedy as to overwhelm Facebook's network limits.

Facebook's isn't the only "safety check" for those who've survived disasters: Google's Person Finder and various open source systems that humanitarian organizations can deploy after disasters offer similar services. But the rapidly growing use and scale of Safety Check raises a number of questions, besides when and where its deployed.

"There is a very slippery moral slope in determining what is a disaster, especially from the safe confines of Silicon Valley,"Wayan Vota, a cofounder of ICT Works, a nonprofit focused on international development technology, wrote on the group's blog. "I don't feel comfortable leaving it up to Facebook to decide which disasters are worthy of social media support or not. I would much rather see the Safety Check feature managed or at least influenced by local Red Cross or Red Crescent organizations and government emergency response agencies."

Others have pondered what kind of stewardship a company like Facebook should have over a system like Safety Check. "What if a person registers that they are okay on one service but not another? What if someone marks someone else as safe (a useful option that Facebook provides) based on inaccurate information?"Slate's Lily Hay Newman wondered last year. "And what if you don't want to answer the question 'are you safe?' when you're lying in a hospital bed after a trauma?"

What other unintended effects come from Safety Check notices spreading across the world's largest social network, and following a terrorist attack in particular, is just a matter of speculation for Robinson Meyer, writing at the Atlantic last year. "On the one hand, maybe it's the sole piece of information you need to know after a major attack: "The people you love are safe. You may pay attention to other horrors than these." Or maybe it reinforces terror's message."

Still, some humanitarian groups have come to rely on the tool during crises. "We've had personnel in the vicinity of a couple of incidents, which whether natural or manmade, our personnel will check in which obviously makes a huge difference to us to know everybody's safe and okay," says Rebecca Gustafson, senior advisor for global communications at International Medical Corps.

The group has also worked with Facebook to discuss disaster planning, and Gustafson says she's sympathetic to the trade-offs between declaring a disaster too quickly versus waiting for more information, particularly when an organization doesn't have staff of its own in the affected areas.

"The biggest thing we always say in emergency response is bad information is worse than no information," she says. "People can criticize emergency responders as taking too long, but the tech community moves at warp speed, and I think being able to take this extra beat to say, is this, is this not, is worth it to verify."

Per Aarvik, the Norway-based president of the Standby Task Force, a volunteer-led humanitarian group that coordinates geographical and other information after sudden-onset disasters, issued cautious praise for Safety Check.

"Both Google and Facebook are global powers, and just as government or large corporations, they are obliged to use their tools for good when needed," he said. "And the more they can do it in kind of an unselfish mode, the better, because they have the really sources to go beyond their day-to-day mission during emergencies or times of crisis."

Choosing When To Activate

The new effort to bypass a human engineer or employee at Facebook when deciding to deploy Safety Check is intended in part to grapple with the technical and political challenges of running the world's largest such service. Last month, Facebook made it easier for non-engineering employees to activate the feature.

"Over the past few months, we have improved the launch process to make it easier for our team to activate more frequently and faster, while testing ways to empower people to identify and elevate local crises as well," said the company spokesperson.

After Paris, Schultz said Facebook would continue to evaluate when Safety Check should be used, though he seemed to caution it might not be appropriate for every disaster. For instance, in the case of an ongoing disaster or recurring violence, the company is reluctant to risk letting users tell their loved ones they're safe, only to then be hurt or killed soon after.

"In the case of natural disasters, we apply a set of criteria that includes the scope, scale, and impact," Schultz wrote. "During an ongoing crisis, like war or epidemic, Safety Check in its current form is not that useful for people: because there isn't a clear start or end point and, unfortunately, it's impossible to know when someone is truly 'safe.'"

After the Baghdad truck bombing on Sunday, a spokeswoman for Facebook told Politico that it has worked with the "global humanitarian community" to identify conflict zones where it won't deploy the feature, including in Iraq, Syria, Afghanistan, and Yemen.

Instead, it was by automatically detecting user discussion around the Baghdad bombing that the "community generated" Safety Check kicked into gear. But the alert was only sent out the following day, and amid a torrent of complaints on social media that Facebook was paying more attention to terrorist attacks elsewhere.

A new internal feature implemented last month allows "trained teams" to begin a Safety Check for a given region. Via Facebook

Trending Crises

Facebook has been experimenting with new ways of deploying Safety Check. Last month, the company made it possible for "trained teams" around the globe to deploy the feature without assistance from engineers, and rolled out an internal "Crisis Bot," so technical issues can be more quickly rooted out. (See sidebar above.)

When it works properly, the "community-generated" Safety Check will enable Facebook to defer to the wisdom of its users as to when the feature should be considered, rather than requiring the company's staff to first evaluate situations around the globe to determine whether Safety Check is appropriate.

"Safety Check is just one tool that people use during times of crisis or disaster, and should be seen as a symbol of how important and impactful technology can be in helping people," Marcy Scott Lynn, of Facebook's Global Public Policy team, wrote by email, "but this is still very early days."

This new app might make traditional flash cards obsolete (or at least fun).

While students have been using flash cards to memorize facts and vocabulary at least since the Victorian era, it's no secret that the study tools can be deathly dull.

Hoping to change that is Duolingo, the Pittsburgh-based company behind the popular language learning app of the same name. On Tuesday, the company released TinyCards, a game-like, modern version of flash cards that automatically tracks what users already have learned and even lets users level up, video game-style, as they progress in their knowledge.

"Duolingo redefined the way millions of people learn languages by making it fun, effective and free," said Duolingo cofounder and CEO Luis von Ahn in a statement. "We're excited to bring that experience to flashcards in order to help school kids suffering through memorization for tests. We also hope this will motivate adults to learn new topics to enhance their lives."

For now, the free app is exclusively available for iOS, though the company said on Twitter that versions for other platforms will be available soon.

TinyCards launched with hundreds of illustrated (and frequently adorable) virtual decks on subjects from languages to science. Users are also able to create and share their own decks on subjects of their choice, from wine pairings to characters from Game of Thrones and Pokémon, according to Duolingo.

We live in a world of malware and malicious hackers. So why aren't there more experts trained to fight these threats?

Security breaches and digital attacks are a regular part of the news cycle these days. An even scarier reality is that, according to experts, there aren't enough people trained to fend off these cyber raids.

A frequently cited report from networking giant Cisco estimates that more than 1 million worldwide security jobs sit unfilled. And a 2015 report from ISACA (a body formerly known as the Information Systems Audit and Control Association) found that 86% of polled members agreed that cybersecurity is an understaffed industry. Only 38% felt prepared to deal with a sophisticated digital attack.

"I think the shortage is absolutely dire, and it's one of the bigger contributing factors to the failures of information security that we're seeing over the past several years," says Eddie Schwartz, chairman of ISACA's Cybersecurity Advisory Council and president and CEO of the security firm White Ops.

The scarcity of employees with proper skills began around the turn of the century, Schwartz says. It has been compounded by the focus—by both schools and the industry—on training workers in security basics typically required by corporate compliance standards. Consequently, issues like patching known vulnerabilities and installing firewall and antivirus software take precedence over more complex techniques necessary for fending off modern sophisticated attacks. "Most of these compliance frameworks were not tuned to be able to handle a world of advanced threats," Schwartz says.

Also difficult to find are workers with expertise in so-called white hat hacking techniques, like conducting penetration tests to find vulnerabilities, just as malicious hackers would do. "There isn't a real educational track," says Mike Weber, vice president at the Colorado-based security company Coalfire, where he heads up the Labs Division. "There isn't a real career path to get to that end, to become that guy."

Another challenge is that it's difficult to enter the cybersecurity field straight out of college, since graduates need a certain amount of more general tech-industry experience to learn to identify where vulnerabilities might lay—where rushed engineers would take shortcuts to get a server online, for instance, or to ship an app by deadline.

"The way to be able to identify mistakes is to know where where one would make them oneself," Weber says. "It's really a role of reverse-engineering, and in order to be able to reverse-engineer something, you need to be able to forward-engineer it."

To help fill the demand for security professionals, a number of industry groups, including ISACA and universities, are beginning to offer hands-on training in white hat hacking techniques.

Vermont's Norwich University, known as the nation's oldest private military college, offers graduate level courses and certificate programs in cybersecurity that include instruction in forensics and vulnerability management.

"The penetration testing lab itself was developed a number of years ago in response to a direct request from a large company that wanted us to be able to train their in-house IT people in penetration testing," says Rosemarie Pelletier, program director for the university's information security and assurance master's degree program.

Among the programs' students are often security professionals looking to fine-tune their skills and members of the military in need of training to transition into civilian careers. Few have trouble finding work after graduation. "Those with good skill sets, with good, solid credentials, are snapped up in a heartbeat," Pelletier says.

Offensive Security, the company known for developing the Kali Linux ethical hacking-focused operating system, offers its own training and certification programs that are built around hands-on work, not written exams.

"Our base level, foundational level certification is a 24-hour exam," says Offensive Security president Jim O'Gorman. "You connect into a network that has a certain number of systems. You have a number of tasks that are put in front of you. You either accomplish those tasks or you don't. You write a document explaining those results, and then that's graded based on a predetermined and communicated set of criteria. And then you either pass or fail."

But even as training programs turn out graduates, there still just aren't enough applicants to make up for the overall workforce shortage. And until that changes, many companies will continue to outsource security operations to consultants—or outsource IT operations in general to cloud providers. Giants like Amazon, Google, Apple, and IBM have the in-house expertise to keep their systems safe, and big security companies can make their specialists available to smaller outfits that may only need their services sporadically. The dearth of skilled employees makes it difficult for established cybersecurity companies to staff up—and all but impossible for more modest organizations. "If you're in a small or medium-sized business, you must outsource it," ISACA's Schwartz says. "There's just no way to build these competencies at this point."

Malware apparently used in the attack, and the servers it was configured to talk to, have been previously linked to Vladimir Putin's regime.

As the FBI confirmed that it's investigating the recent hack that led to last week's disclosure by WikiLeaks of tens of thousands of Democratic National Committee emails, multiple leading cybersecurity firms are more convinced than ever that the hack was the work of the Russian government.

The hack isn't the first reported attack by state-sponsored hackers on a government or political party: Germany has previously blamed Russian hackers for a digital attack on its parliament and U.S. officials have alleged that hackers linked to the Chinese government stole documents from both major presidential campaigns in 2008.

But, experts say, this is the first time that such documents have been released to the public in a possible attempt to influence the result of a U.S. election.

"We've never seen anything like this here in the States—nothing like this on this scale," says Rich Barger, chief intelligence officer at security firm ThreatConnect. "I think what we saw on Friday is a game changer."

Barger and others pointed at evidence first analyzed in June by security firm CrowdStrike, hired by the DNC to investigate the breach, which indicated that two Russian government hacking groups dubbed Cozy Bear and Fancy Bear had managed to penetrate the DNC's systems.

"Both adversaries engage in extensive political and economic espionage for the benefit of the government of the Russian Federation and are believed to be closely linked to the Russian government's powerful and highly capable intelligence services," the company said in June.

CrowdStrike and other firms, including Fidelis Cybersecurity and Mandiant, have indicated that malware found on DNC computers appears similar to that found in other attacks attributed to the Bear groups. Thomas Rid, a professor of security studies at King's College in London, also wrote in Motherboard that some of the malware included references to an IP address belonging to a remote control server linked to the attack on the German legislature—something Rid compared to an identical fingerprint appearing in two burglarized buildings.

A CrowdStrike representative declined to comment on the matter beyond what the company has already released.

While the ultimate effects of the hack and any additional disclosures may not be known at least until November's election, last week's leak has already managed to stir up plenty of discord in the Democratic Party. After leaked emails revealed apparent hostility by DNC higher-ups toward the candidacy of Vermont Senator Bernie Sanders, leading to the resignation of DNC chair Debbie Wasserman Schultz, The Daily Beastreported that U.S. officials have privately speculated that the attacks were an effort by Vladimir Putin's regime to help Republican nominee Donald Trump win the White House. Representatives from Democratic candidate Hillary Clinton's campaign were quick to point out the leak came soon after Trump's campaign apparently insisted on changes to the Republican platform seen as favorable to Russia, something the Trump campaign derided as "nonsense."

And while some DNC documents were purportedly leaked by a purported Romanian hacker who identified himself as Guccifer 2.0, security experts have argued that inconsistencies in the hacker's story suggest that Guccifer was himself a fiction created by the real attackers.

The hacker claimed that he was able to gain access to the DNC network by reverse-engineering code from political software vendor NGP VAN, but it's highly unlikely that an outsider would be able to get access to the company's code, since it's a cloud-based service made available to political campaigns, not downloadable binary software, according to a ThreatConnect blog post. And, after conducting a Twitter chat interview with the alleged hacker, a journalist from Motherboard reported that his grasp of Romanian appeared unusually shaky to native speakers.

Russia has previously been accused of fabricating bogus organizations to take credit for state-sponsored hacks, including a group called the Cyber Caliphate that attacked U.S. and U.K. government computers and a French television network, ThreatConnect says.

"Here's what we think is going on: Guccifer 2.0 is leaking purported DNC documents of minimal value to Russian intelligence for possible political points in the U.S. and Russian propaganda at home about the failings of democracy and the West," the company wrote.

Still, not every security expert is entirely convinced that Russia's behind the hack: Jeffrey Carr, the founder of security firm Taia Global and the author of the book Inside Cyber Warfare, argued in a Medium post that the evidence just isn't sufficient to conclusively blame the attack on the Russian government.

"There is only circumstantial evidence which these firms are stamping their imprimatur on as their best guess," he said in an interview with Fast Company.

While he says it's certainly possible that the Russian regime is, in fact, behind the hack, he argues that it's also possible that some other party got ahold of the same malware previously used by Russian agencies, or even took steps to make it seem like the Russians are to blame. Finding a Russian-made rifle at a murder scene wouldn't automatically imply that the killer was Russian, he argues.

"Do you automatically say it must be a Russian shooter or it must be Mr. Kalashnikov himself?" he asks, referring to the inventor of the AK-47.

But, other experts argue, it's unlikely that attackers not affiliated with the Russian state would be able to get access to the particular crafted malware tools its agents typically deploy. Even if they could get access to the software used to infect computers, they likely wouldn't know how to control its obfuscated code or have access to the server code with which it communicates, says Barger.

The Russian government has publicly denied being connected to the attack, seemingly mockingly suggesting that the DNC may have simply have had weak passwords, letting even untrained attackers in.

And while those comments seem intended more as taunts, the ultimate lessons from the DNC attack seem to be the same advice typically given after security breaches: Make sure employees are trained to resist phishing emails, a primary vector for malware, and avoid writing anything in email you wouldn't want made public.

"If they're aren't happy putting it down in writing, then it's probably the wrong approach to something, as was really evidenced by this leak," says Peter Bauer, cofounder and CEO of email security company Mimecast. "This wasn't what we would expect from the DNC, and hence the resignation of the person at the top."

The Olympic Games will be the first use of Logos Technologies' city-wide persistent surveillance system at a sporting event.

When the Olympic Games begin next month in Rio de Janeiro, billions of people are expected to watch athletes from countries around the world compete.

But also watching over the Olympic and Paralympic events will be a set of futuristic, balloon-mounted surveillance camera systems capable of monitoring a wide swath of the city in high resolution and in real-time.

Initially developed for use by U.S. forces in Iraq and Afghanistan by Fairfax, Virginia-based Logos Technologies, the technology is sold under the name Simera, and offers live aerial views of a large area, or what the company calls "wide-area motion imagery," captured from a balloon tethered some 200 meters above the ground. The system's 13 cameras make it possible for operators to record detailed, 120-megapixel imagery of the movement of vehicles and pedestrians below in an area up to 40 square kilometers, depending on how high the balloon is deployed, and for up to three days at a time.

The Brazil sale, which includes four systems operated under an $8 million contract, marks the first export of Simera, and the first time such as system will be deployed by a non-U.S. government at a large-scale event, the company says. "Simera was built late last year and we tested it this past February and then immediately sold four of them to Brazil," says Doug Rombough, Logos's vice president of business development.

Rombough compares Simera to a live city-wide Google Maps combined with TiVo, explaining that it lets authorities not only view ground-level activities in real time but also rewind through saved images to do things like track a suspicious vehicle—for instance, one that departs a crime scene—back to its origin.

The government has announced it will deploy 47,000 security guards, 65,000 police, and 20,000 armed service personnel to patrol the Games, which have raised security concerns amid soaring crime rates in the city and a global burst in terrorist activity. Last week, Brazilian police arrested 12 people alleged to be planning an ISIS-inspired attack on the Games, which have been said to be a target discussed in jihadist chat groups.

The system evolved from technologies Logos previously supplied to the Defense Department for use in combat zones, including the Constant Hawk aircraft-mounted surveillance camera system and Kestrel, a similar balloon-mounted sensor system that's been used in Afghanistan to monitor activity near about a dozen U.S. bases.

There, the company says the technology helped U.S. troops monitor potentially threatening activity as it evolved over days, enabling officials, for instance, to track the movement of suspicious vehicles in the vicinity of an attack. But as Logos's technology continues to evolve and become easier and cheaper to deploy in civilian scenarios, it's likely to raise more questions about the appropriate balance between security and privacy.

Over time, the company's sensor systems have become lighter and easier to deploy: Early Constant Hawk systems weighed about 1,500 pounds, Kestrel units weighed around 150 pounds, and Simera systems just 40 pounds, expanding the range of aircraft that can carry the devices. Including the ground-based equipment necessary to control and monitor the cameras, the Simera system—which generally costs $500,000 to $900,000 per unit, depending on features— can be transported in a single vehicle and put into an operation in under three hours, according to Logos.

And as the company's systems have gotten lighter in weight and easier to deploy, the range of potential use cases has expanded. In addition to policing large events and patrolling borders and ports, the company hopes its system could prove useful in supporting humanitarian assistance and disaster relief missions.

A 2013 video describing the Kestrel system

"We see Simera not only being used for the Department of Defense but, we believe, event security, disaster relief, or even protecting wildlife from poachers in national parks," says Rombough.

In 2012, a weeklong test of Kestrel's potential by the Department of Homeland Security led to 80 arrests near the Mexican border in Nogales, Arizona, the company said. The company has also recently been testing Redkite, a smaller sensor system designed for mounting beneath small planes, helicopters, and tactical unmanned aircraft, and, Serenity, a system that includes an acoustic sensor and can be mounted on drones or on lower-altitude towers.

The Simera systems will likely be deployed outside four Olympic venues, Rombough says, though Logos won't be involved in the day-to-day operations of the units, which are being deployed by Brazilian Ministry of Justice contractor Altave. Operators will be able to monitor multiple camera angles at once—the system can provide up to 10 video windows within its field of view, and Rombough says operators can generally pay attention to data from up to about eight feeds at any given time. As many as six users can watch different parts of the full captured image as if they were independent Pan, Tilt, and Zoom (PTZ) cameras, and use a DVR-style rewind feature to scan through up to eight hours of cached footage, says Logos. (The Simera systems omit some infrared night-vision capabilities that were available in military models, making it easier to sell outside the U.S. under export control rules.)

Generally, Rombough says, Simera's only limiting factor is the time that a balloon or aerostat can stay in the air—typically up to three days before more helium is required—and the weather. "The most important part for us to make sure that our sensor can handle more turbulence and winds and that type of stuff than the balloon itself can handle so we're not the restricting part of that type of system," he says. "If the balloon can stay up itself, then we're able to stay up and provide good imagery."

While the image clarity from Simera's sensors is good enough to follow individual people and vehicles as they move about the city, it's not high enough resolution to make out individual faces or license plate numbers, Rombough says. However, a higher resolution video camera attached to the same balloon, which captures images at 60 times that of full HD resolution, or 15 times 4K, at three frames per second, will allow operators to get a closer look at anything or anyone that looks suspicious.

"It's good enough to track people on the ground, and of course to track vehicles, and at any given time, if you see something suspicious, and you want a closer look, that's when you cue that full-motion video camera system that hopefully is flying on the same balloon or aerostat with you," he says.

When it comes to privacy concerns, Rombough says it's ultimately up to the operating agencies to follow applicable rules about what's allowed. "I guess it's like any Homeland Security or law enforcement tool—these systems will be subject to the government rule and regulations, and we'll let the appropriate agencies deal with that," he says. He argues the systems are only monitoring outdoor, publicly visible activities that could already be tracked with existing tools like police helicopters.

Still, courts and privacy activists have wrestled with the privacy implications of other technologies that make widespread, mass surveillance more practical and inexpensive. Simera and similar systems would seem to make monitoring wide swaths of cities much easier than would be possible with circling helicopters.

Jay Stanley, a senior policy analyst at the American Civil Liberties Union who's written in the past about drone-based surveillance, says the privacy risks from deploying the technology in a U.S. city would simply be too great to justify its use.

"It's a tremendously powerful surveillance technology that has the potential of monitoring the whereabouts of everyone in a town or city, and that is just too much power to allow the government to wield," he says. "While every technology has its benefits, at a certain point we say no, because the privacy invasion is too significant."

Stanley says it's not entirely clear how courts would rule on domestic police use of such a tool, since most laws haven't been written with such technology in mind, though he says it's possible courts would consider such surveillance an unconstitutional search, citing a 2012 Supreme Court ruling that police GPS tracking of a private vehicle requires a warrant. And, he says, a plan by a Utah police department to monitor high crime areas from an unmanned blimp was denied by the Federal Aviation Administration, saying the "nocturnal surveillance airship" was too much of a risk to other aircraft.

But with security concerns on the rise across the globe, Rombough says the company's exploring a wide variety of business opportunities.

"We've kind of got fishing lines in the water in a lot of different areas," he says. "We kind of believe this is a kind of technology, as the world continues to be in upheaval security-wise, that people are gonna want this more and more."

Updated: July 27, 2016 11:53 am

Phishing In An Olympic-Sized Pool

Olympics fans will be seen as a lucrative target for email phishing attacks, just because there are so many of them, warns Fischer. One avenue will be scammers selling counterfeit tickets to those planning to attend the Games—something security firm Kaspersky reported finding online this spring.

"On phishing websites users have been asked to provide personal information—including bank account details—to pay for the fake Olympic Games tickets," the company warned. "After extracting this information, criminals use it to steal money from victim bank accounts. To sound even more convincing, fraudsters are informing their victims that they will receive their tickets two or three weeks before the actual event."

In a report published last week, the U.S. cybersecurity research firm Fortinet warned of a recent surge of suspicious websites in Brazil. "The volume of malicious and phishing artifacts (i.e., domain names and URLs) in Brazil is on the rise," the company wrote. "The highest percentage growth was in the malicious URL category, at 83 percent, compared to 16 percent for the rest of the world."

Fraudulent emails and social media posts will also likely offer links to video clips, downloadable apps, games, and other content that can distribute malware to those watching from home, security experts say. That's happened at past major sporting events, like when phishing attacks targeted soccer fans around the 2014 World Cup. Security experts also reported similar phishing attempts revolving around that year's Winter Olympics in Sochi, Russia.

"All of these are looking at scamming you in some way to get personal data or to get access to your machine," Fischer says. "Ransomware is the big thing right now—I think we'll see a lot of phishing scams that will either direct you to downloading a piece of malware or running a piece of malware out of the email."

Email scammers may also invite fans to gamble on the Games, with criminals themselves betting that those trying to place illegal wagers will be less likely to call police if something goes wrong, says Samir Kapuria, senior vice president of Cyber Security Services at Symantec.

Some security software, including Kaspersky's, has already begun to filter out bogus domain names with strings like "rio2016" in them, and even users not using such software can take basic precautions, like questioning any offers that just seem too enticing.

"The first thing is to just be aware that these things exist," says Kapuria. "If something looks too good to be true, it likely is too good to be true."

Bank card readers and ATMs are yet another vulnerability, IT security firm Trend Micro has warned. In one scheme, chip-and-PIN machines—long used in Europe and often considered secure—can skim information from chips and the four-digit PINs that cardholders enter. In another scheme, a card fitted with a doctored chip can insert malware into legitimate card readers, which transmits future card information and personal data to thieves, who can quickly clone the cards. Another common scheme in Brazil involves so-called Chupa Cabras, plastic skimmers inserted into the card slots of ATMs.

Last year, 49% of Brazilians reported experiencing some kind of credit card fraud—an annual jump of 19%. Only Mexico beat Brazil, with a card fraud rate of 56%, according to a survey by ACI Worldwide and the Aite Group; the U.S. is in third place with 47%.

Last week, a reporter for a North Carolina newspaper reported that his card was hacked immediately after using it at the gift shop at the IOC press center. And on Friday, two McClatchy reporters in Rio said their cards had been hacked and cloned soon after arrival.

Visitors also shouldn't accept any kind of promotional USB sticks distributed by advertisers, since they can also carry malware, warns security company Tripwire. "Putting an unknown USB stick into your device is simply asking for trouble," says a statement from the company.

Watching Out For Counterfeit Hotspots

Fans attending the Games will inevitably want to share selfies or just get some work done while in Rio, meaning they'll be searching for Wi-Fi hotspots to let them get online. Criminals are likely respond to that impulse by setting up rogue Wi-Fi access points that surreptitiously log activity and data, including unencrypted usernames and passwords, or even inject malware into web traffic, warns Fischer.

"[They'll] be able to capture all the traffic and read it as it's going through or analyze later to extract usernames and passwords," he says.

In an analysis last month of over 4,500 unique wireless access points around Rio, Kaspersky found that about a quarter of them are vulnerable or insecure, protected with an obsolete encryption algorithm or with no encryption at all.

Secure and insecure Wi-Fi hotspots in Rio, according to a July analysis by Kaspersky Labs

During last month's Republican National Convention in Cleveland, security firm Avast Software tested attendees' awareness about Wi-Fi security by setting up access points with a mix of pro-Republican network names and others mimicking brands like Starbucks and AT&T. More than 1,200 people connected to the networks, which could have put them at risk had the hotspots been set up by someone malicious, the company said.

Olympic officials might be able to detect and shut down any rogue access points that pop up at event sites themselves, but it would be considerably more challenging for them to do so everywhere tourists would gather, says Fischer. "The problem lies with when it's actually going to outside the event perimeter."

Those who do use open wireless access points can help keep themselves safe by using virtual private networks, which will encrypt traffic even before it passes over the air to reach the access point, says Kapuria.

"If you're using an open Wi-Fi, a VPN is the right way to encrypt your traffic and make sure that's secure," he says.

Stockholm-based wireless technology provider Aptilo Networks has said that it's working with telecom companies to provide wireless connections at Olympic venues, transportation hubs, beaches, and cafes in the Rio area. The company has said that it's taking steps to ensure security and suitable bandwidth for those visiting for the Games, though it wasn't able to make someone available for an interview to discuss those steps in detail. Brazilian telecom company Linktel has said it's working with Aptilo and with international Wi-Fi carriers like Boingo and AT&T to let their subscribers connect to its network with their own credentials.

Messing With The Games Themselves

It's also possible that activist hackers or other digital miscreants will try to tamper with the infrastructure surrounding the Games themselves.

"The biggest [attack] they'll have is potentially someone trying to do a denial of service," says Fischer. That is, someone may attempt to disrupt the networks officials use to communicate scores and other data in an effort to disrupt the tight event schedule, he says. One possible attack would be to jam official wireless networks, or to inject data packets that force the networks to repeatedly disconnect, making it hard for data to get through.

Denial-of-service attacks often rely on botnets, servers that have been commandeered by hackers to overwhelm computers with data requests. According to Symantec's 2016 Internet Security Report, "Brazil was one of the top 10 countries for Botnet attacks."

"If you do a denial of service, you're going to disrupt the games, and that's going to look bad, and have more impact that anything else," says Fischer.

Ideally, organizers will be able to log those types of attacks, and use signal detection hardware to find where the rogue broadcasts are coming from, he says.

In a statement to Bloomberg, Atos SE, the France-based information technology partner of the International Olympics Committee (IOC), said that cybersecurity is a "priority" and that it "has implemented the latest cybersecurity technologies to protect the games IT infrastructure and systems."

Related Video: Are The Olympics Really Worth It?

A new cybersecurity approach could keep your data safe.

The program coordinator at the Catholic Charities of Santa Clara County in California never suspected that an email she received earlier this year contained anything more than the corporate invoice it claimed. But as soon as she opened the attachment, malware began to encrypt data on her computer. The breach threatened to expose far more than just her personal files: In order to provide its customers with health care, immigration assistance, and other social services, Catholic Charities handles the medical and financial records of more than 54,000 people each year. Of all the cybersecurity systems—including firewalls and antivirus software—that the nonprofit had in place to shield those sensitive documents, only one flagged the intrusion.

The security breach was detected by the flagship product created by Darktrace, a U.K.-based cybersecurity company founded in 2013. Just days before the malware attack, Catholic Charities had begun testing Darktrace's pioneering new technology, the enterprise immune system (EIS).

Modeled after the human body's immune system, the EIS embeds in a computer network and learns what behavior is considered normal for that system. It can then spot suspicious activity and even work to slow an attack, just as the human immune system releases antibodies at the first sign of invasive cells.

Darktrace's immunity approach represents a compelling new take on cybersecurity. The $75 billion industry is under mounting pressure to evolve beyond traditional methods as dated systems have failed to prevent high-profile hacks on major businesses. With attackers increasingly relying on fast-moving algorithms to carry out highly sophisticated security breaches—such as those that have recently compromised major universities and hospitals—Darktrace is responding in kind, creating complex formulas that allow machines to continuously scan entire networks and register anomalies that other advanced systems may overlook. Its technology, built in part by former members of the British Intelligence Agencies MI5 and GCHQ, is intended to support—and enhance—existing systems.

Self-defense

How Darktrace Halts A Hypothetical Ransomware Attack

Breach

An HR employee opens an attachment believing it is a résumé. His computer connects to a server in Eastern Europe; ransomware begins encrypting files.

Recognition

The EIS spots an anomaly: No device in the company's network has ever connected with this server.

Reaction

As ransomware encrypts documents, Darktrace flags the employee's computer for accessing so many files.

Response

Antigena, Darktrace's system for slowing attacks, limits the number of files the employee's computer can open and blocks its access to shared folders and corporate email.

Notification

Within a half-hour of the breach, a Darktrace analyst sees the activity and tells the company to remove the computer from the network. Some of the computer's files have been compromised, but the ransomware did not spread through the network.

Where most cybersecurity companies focus on teaching their technology to recognize the digital footprints of malware (which can quickly become outdated as new attacks emerge) or building firewalls to block intruders, Darktrace takes a more hands-off approach. Rather than rely on humans to feed them specific examples of suspicious behavior, its algorithms train themselves to find abnormalities—a technique that's known as unsupervised machine learning.

"The concept of Darktrace says that [as attacks become more sophisticated], you're not going to be able to keep the bad stuff out," says Vanessa Colomar, a member of Darktrace's board of directors. It's far more effective to figure out how to stop attackers once they're in. CEO Nicole Eagan says the EIS has been deployed in more than 1,000 networks worldwide, with clients ranging from a two-person hedge fund to a global bank. Once the hour-long installation is complete, the EIS searches for new threats while also examining the network for existing breaches. "Within the first and second weeks, we find things out of the ordinary in about 80% of the Fortune 500s we're deployed in," says Eagan. "It's things their legacy tools totally missed."

That success has helped accelerate the three-year-old company's growth. Of the companies that have registered for its 30-day free trial, about two-thirds have become paying customers. The company, valued at $400 million, now has 20 offices, including outposts in New York; Hong Kong; Warsaw, Poland; and Milan.

Darktrace's use of unsupervised machine learning comes with certain benefits: Since there are no assumed rules about what a hack looks like, attackers can't simply tweak their code to dupe the system. And since the EIS operates as an observer, there's no barrier that hackers could try to disable.

"What we're really passionate about is that there's no one algorithm that rules them all," says Dave Palmer, Darktrace's director of technology. "We've got a dozen different machine-learning techniques, all fighting to be the best representation for your specific setup."

Not everyone agrees that unsupervised machine learning is the best approach to cybersecurity. Supervised learning—the technique used by anti-spam filters, in which algorithms are taught to discern between junk mail and the real thing—can help eliminate false positives that sometimes result when an unsupervised system reacts to a routine change within a network. (For example, an algorithm might notice that data is suddenly being transferred to Dropbox and flag it as a security violation, when in fact the company just added Dropbox as an official storage tool.)

Avoiding such confusion is why some security companies take a hybrid approach of supervised and unsupervised machine learning. PatternEx, which launched in February, uses unsupervised learning to scan for abnormalities, then presents its data to a human analyst to distinguish true attacks from false positives. In a recent study, researchers from PatternEx and MIT found the system caught 85% of attacks, while delivering fewer false alarms than unsupervised learning alone. There hasn't been a similar lab study completed on Darktrace, though Eagan says her system—despite being totally unsupervised—typically generates five to 10 alerts per client per week.

Eric Ogren, a senior analyst at IT advisory firm 451 Research, says that most businesses will likely opt for the headache of false positives if it means a more secure network. "What's the bigger risk, that you chase down a false positive, or that someone makes off with your customer data?" he asks. "I think that within five years, unsupervised machine learning is going to be driving security architecture."

Related Video: How to protect your cell phone from hackers.

Can machine learning help government agencies track down terrorists? A secretive arm of the business intelligence firm SAP says yes.

A specialized division of the business software powerhouse SAP (System Application Products) is building tools to harness machine learning and artificial intelligence for antiterrorist intelligence missions and cybersecurity—though details of how exactly the software has been used are shrouded in secrecy.

SAP National Security Services, which describes itself as an independent subsidiary of the German-based software giant that's operated by U.S. citizens on American soil, works with homeland government agencies to find ways to track potential terrorists across social media.

"One [use] is the identification of bad actors: People that may be threats to us—people and organizations," says Mark Testoni, president and CEO of SAP NS2, as the company is known. "Secondarily, once we've identified those kinds of players and actors, we can then track their behaviors and organizations."

SAP NS2 is also working with cybersecurity firm ThreatConnect to use some of the same underlying technology to track intruders and menaces in computer networks in real time, the companies announced this week.

And in the national security sphere, NS2's government partners—Testoni says he's not at liberty to name specific agencies—use SAP's HANA data processing platform to analyze thousands of terabytes of data from social media and other public online sources.

"There have been success cases, I can tell you," he says. "Unfortunately, I can't tell you about any of it."

Many experts have argued that social media has been key to the rise of ISIS and the spread of support for the organization around the globe. Democratic presidential nominee Hillary Clinton is one of the politicians who has called on social network operators to take down extremist content, and agencies including the Department of Homeland Security have recently sought to study the technical aspects—and legal and privacy ramifications—of tracking publicly accessible social posts.

In 2003, federal plans for a massive global digital surveillance program dubbed Total Information Awareness came under heavy scrutiny due to privacy concerns, and the project was eventually defunded by Congress. But critics have said similar surveillance programs quietly continued at agencies, including the National Security Agency, with a level of secrecy that makes it difficult to judge their effectiveness or potential privacy violations.

In the case of SAP NS2, the underlying HANA system is designed to store huge quantities of information in memory, rather than on disk, for speedy access and processing. It organizes data by columns storing the same type of information from different records, rather than by rows corresponding to individual records, a time-and-space-saving technique shared by big data platforms from other vendors including Amazon and Oracle.

It also includes features for network graph analysis, automated machine learning, and sophisticated text processing that can extract meaning from written language, including online posts, according to Testoni.

This is useful when it comes to monitoring potential terrorists. "They're online communicating to their followers and recruiting using social media and digital platforms, so that kind of sentiment analysis is helpful in identifying those platforms and tracking them," Testoni says. "We're trying to help identify threats with customers, and once we find them, and we identify people and organizations, then it becomes a little bit easier because then you can potentially track them."

The tools can help analysts detect relationships between suspects and track data from multiple sources in real time, flagging anomalous patterns or feeding risk models that identify potential threats, the company says.

"You'd be looking for activity on social media, either known or potentially known accounts and others, and establishing the other connections that may be associated," says Testoni, adding that one partner tracks about 30 online sites in several languages.

According to the company, a HANA-based system has proven powerful enough to parse a large set of simulated military documents, extracting the people, places, and events described in them.

For ThreatConnect, HANA provides processing speed that helps clients keep track of potential security-related events happening on their networks in real time, while also reducing the number of false alarms about harmless noise, says the company's cofounder and CEO, Adam Vincent.

"It allows our software to be effectively super-powered around faster and more sophisticated analytics," Vincent says. "In particular, the ability to process more data in real-time and do real-time analytics on incoming events, so that we can filter out the noise faster. Most organizations today are getting tens of thousands of alerts every day—humans can't possibly comb through them all."

ThreatConnect's systems, which the company has integrated with HANA through a collaboration with SAP NS2, can help clients track cybersecurity the way such tools as Salesforce manage customer relationships. Ideally, they can replace more ad hoc methods that can leave security personnel struggling to stay up to speed, particularly as many companies are grappling with a skills shortage.

ThreatConnect also functions as an "expert system," effectively automating the thought processes that humans go through to determine which network activities are threats. This service will improve as the company integrates HANA's machine learning support.

Says Vincent, "What we're trying to do with this product is help the security professional do their job faster, and there's never been a time when that was needed more than it was today."

Related Video: How to protect your cell phone from hackers.

A combination of complex legacy computer systems and strict uptime requirements make more of these disruptions almost inevitable.

After a data center outage caused Delta Air Lines to cancel more than 2,100 flights this week, Delta CEO Ed Bastian said the company's doing everything it can to make sure such an event never happens again.

"This isn't the quality of service, the reliability that you've come to expect from Delta Air Lines," he said in a statement, after the company offered $200 vouchers to customers whose flights were canceled. "We're very sorry. I'm personally very sorry."

But experts say the airline industry's legacy computing systems, 24-hour uptime requirements, and difficulties attracting top technology workers could make preventing future similar outages a major challenge.

"The airlines are dealing with a hodgepodge of equipment that's been cobbled together over the years," says George Hobica, the president of Airfarewatchdog.

Industry mergers have meant airlines have interlinked systems, sometimes decades old, from a range of legacy carriers, all without the luxury of ever shutting down their systems for maintenance, he says. While other businesses can occasionally shut down their computer systems for scheduled or even emergency maintenance without a public outcry, airlines simply can't track passengers, baggage, planes, or crew without their technology systems, he says.

"In order to fix the No. 2 [New York subway] line, the MTA sometimes has to shut it down," Hobica says, but airlines never plan to ground flights or shutter reservation systems to do upgrades or maintenance. And they're also competing with technology companies that can often offer more pay and prestige to hire workers with the skills to keep tech systems up and running, he says.

"Good IT talent is really hard to find," he says. "And if you're a superstar, are you gonna work for Delta because you get free flights now and then, or are you gonna work for Google or Facebook, or a billion dollar startup that is giving you stock options?"

And, says Joseph George, vice president of global recovery services at Sungard Availability Services, air travel can be a particularly unforgiving field when it comes to computer problems: Outages in a variety of systems can make it difficult to check in customers or dispatch planes, quickly wreaking havoc for the traveling public and costing airlines huge amounts of money.

"They've got more mission critical customer facing applications, so when there is downtime it's immediately obvious," he says.

Delta attributed the service disruption to a fire in an uninterrupted power supply component, which led to a power outage at the airline's main Atlanta data center that wasn't properly handled by the airline's backup systems.

"Around 300 of about 7,000 data center components were discovered to not have been configured appropriately to avail backup power," the company said. "In addition to restoring Delta's systems to normal operations, Delta teams this week have been working to ensure reliable redundancies of electrical power as well as network connectivity and applications are in place."

But similar service issues, attributed to different technology failures, have affected other airlines in recent months: A router issue led to the cancellation of more than 2,000 Southwest Airlines flights just last month, reportedly costing the airline more than $54 million, and similar issues caused widespread disruptions for United Airlines and American Airlines flights last year.

"It seems like the redundant systems are not working," says Billy Sanez, vice president of marketing at travel search engine FareCompare.

One issue, he says, is that airlines' flight networks are so intertwined that any disruptions to service quickly cascade through the country or even the world. With planes scheduled to make multiple stops throughout the day, a cancelled takeoff can lead to two or three more cancellations at the aircraft's next destinations. And while airlines may be able to operate a limited schedule without computer systems, operating a full slate of flights with pen and paper just isn't practical, he says.

"You can do it manually, but instead of doing thousands of flights a day, you can probably do a hundred a day," Sanez says.

The bottom line, he says, is that travelers shouldn't be completely surprised to see flights grounded by computer problems in the foreseeable future.

"As passengers, you always have to be prepared for things like this," he says. "No meeting is too important. No vacation can't be rescheduled."

Related Video: How to protect your cell phone from hackers.

So-called "overlay malware," which impersonates other apps' login screens, is becoming increasingly prevalent.

For years, security firms have warned of keystroke logging malware that surreptitiously steals usernames and passwords on desktop and laptop computers.

In the past year, a similar threat has begun to emerge on mobile devices: So-called overlay malware that impersonates login pages from popular apps and websites as users launch the apps, enticing them to enter their credentials to banking, social networking, and other services, which are then sent on to attackers.

Such malware has even found its way onto Google's AdSense network, according to a report on Monday from Moscow-based security firm Kaspersky Lab. The weapon would automatically download when users visited certain Russian news sites, without requiring users to click on the malicious advertisements. It then prompts users for administrative rights, which makes it harder for antivirus software or the user to remove it, and proceeds to steal credentials through fake login screens, and by intercepting, deleting, and sending text messages. The Kaspersky researchers call it "a gratuitous act of violence against Android users."

Overlay malware screenshots via Security Week

"By simply viewing their favorite news sites over their morning coffee users can end up downloading last-browser-update.apk, a banking Trojan detected by Kaspersky Lab solutions as Trojan-Banker.AndroidOS.Svpeng.q," according to the company. "There you are, minding your own business, reading the news and BOOM!—no additional clicks or following links required."

The issue has since been resolved, a Google spokeswoman said in an email, adding that there's no indication the attack ever affected more than one website. The company has said in the past that it works to block malware attacks from third-party ads distributed through its networks. The effort has become increasingly critical as Google and other advertising networks try to dissuade users from filtering out ads altogether with adblocking tools, which also aim to reduce ad-delivered malware and the web beacons used to track users across websites.

Researchers from Kaspersky have reported a 15.6% increase in the number of financial malware in the second quarter of 2016, compared to the previous quarter, as well as a continuing .

Beware Of Sideloading And Malvertising

The creators of such malware can charge would-be fraudsters thousands of dollars on underground hacking marketplaces for mobile malware tools that deploy such bogus login pages, often in conjunction with other features like the ability to intercept SMS messages, according to research by Limor Kessem, an executive security advisor at IBM Security.

Attackers then send phishing-style SMS messages to mobile users to encourage them to install apps containing the malware, sometimes even soliciting their phone numbers through pop-up messages on PCs in order to send a link to the malicious apps, she tells Fast Company.

"It's usually some sort of social engineering that would get them to install this application," Kessem said, though users should also be concerned about the rise in ad-distributed malware, sometimes called malvertising.

"Due to the popularity of malvertising and the ability of cybercriminals to exploit ad networks even on very well known websites... this vector is increasingly potent," she said. "Security professionals often recommend disabling/blocking ads to reduce the risk of drive-by infections."

When a phishing link is sent via text, it might be a bogus notification about a package delivery that needs to be tracked through a specialized app, an invitation to participate in an app-based poll, or anything else attackers can think up, said Jimmy Su, director of threat research at security firm FireEye. And if the phishing messages are effective enough, the malware can more than pay for itself.

One malware maker recently raised prices from $5,000 to $15,000, not including monthly service fees, after adding new features, according to Kessem.

"The initial version of this from last November was distributed on a Russian hacking forum, and they were advertising a service where they would charge a certain amount of money per month to provide this command-and-control [server] where they would store the logins and the passwords, and also the customization of the application," said Su. "Then we can see that these kind of logins and passwords can be purchased on the black market, and that's how the cycle of the economics works."

Screenshot of Svpeng trojan, via Kaspersky Labs

Generally, attackers have targeted phones running Google's Android operating system, which has a larger user count than Apple's iOS platform and makes it easier to install apps from outside the official marketplace—a practice often called sideloading.

"We've seen some malware on Google Play and on iTunes," said Domingo Guerra, cofounder and president of mobile security company Appthority. "However, for the most part, Apple and Google do a good part of removing it from the app stores."

So far, overlay malware has mostly targeted users in Europe and Russia, but there's no reason to think it won't become more prevalent in other markets, including the U.S., Su said.

"Both the localization and category of apps are going to expand," he said. "We already see localizations for particular countries and it will be customized for that particular language."

How To Stay Safe

For the most part, experts say, the best ways to stay safe from mobile malware and phishing attacks are similar to techniques users are hopefully already using to keep their PCs safe from hackers. Those include keeping operating systems up to date as much as possible, removing unused apps that could house vulnerabilities, and being wary of any kinds of unsolicited links or downloads.

"The same rules of hygiene and security hygiene apply in the PC and the mobile device," said Kessem.

Users should be particularly wary of any invitations to install apps from outside of official app stores, said Guerra. "Every legitimate app is going to be on Google Play or on iTunes," he said.

The trouble is, users not accustomed to smartphone malware may be at risk for infection until it sinks in that mobile devices are ultimately just as much a target for attackers as laptop and desktop computers, he warns.

"I unfortunately think it's going to get worse," he said. "As users, we're not thinking of these as computers, so we kind of trust it more than we should."

Related Video: Inside The Secret World Of Code-To-Code Combat

Smarter technology could make farms more efficient and food tastier, though environmentalists argue none of it is guilt-free.

During the 20th century, advances in fertilizers, irrigation, and mechanized farming technology helped make it possible to feed a dramatically growing world population.

Now, advocates say, the next big advance in agricultural technology may come from the digital world, as modern computer vision, precision sensors, and machine-learning technology help farmers use last century's advances more efficiently and precisely to grow healthier and tastier food.

"We're at the cusp of this next wave of innovation in agriculture, which we call digital agriculture," says Mike Stern, the president of The Climate Corporation. "It has to do with, over the past five to seven years, the farm really digitizing, not unlike how our society has changed in terms of the tools and types of things we can do."

The Climate Corp., which was purchased by agriculture giant Monsanto for roughly $1 billion in 2013, is one of several companies working to build a digital analytics hub for farmers, merging images from satellites, drones, and cameras, as well as readings for everything from soil thermometers to tractors' on-board computers. That can help growers better understand what's happening on their farms and let predictive algorithms guide more precise applications of seeds, water, pesticides, and fertilizers.

"In the Midwest, when corn is growing, we have a fair amount of cloud cover, and satellites have trouble seeing through clouds, so that's a problem because all of a sudden, a grower can only see a part of the field from one image to the next," says Sam Eathington, Climate Corp.'s chief scientist. "We've developed, using some machine-learning techniques, a way to bring together multiple images and remove the clouds and cloud shadows that a grower would be seeing in the data in the specific field."

Just this week, the company announced that it's opening its platform to allow other sensor manufacturers to contribute data more easily, starting with high-resolution soil sensor data from Kansas-based Veris Technologies.

The market for digital "precision agriculture" services is expected to grow to $4.55 billion by 2020, according to figures from research firm Markets and Markets, though the push to bring the Internet of Things onto the world's farms hasn't been without its critics. According to a 2013 report in the New Yorker, Climate Corp.'s founders came under heavy criticism for the decision to sell to Monsanto, a company that's long been controversial for its intellectual property policies and involvement with genetically modified crops.

And the American Farm Bureau Federation, a farming industry group, has cautioned farmers to make sure they understand how their data is stored by digital providers. The Farm Bureau has recently worked with tech providers, including Climate Corp., to formulate rules and industry data-sharing arrangements designed to make sure farmers can control how their information is used and potentially migrate it to new providers.

"Tractors, tilling equipment, planters, sprayers, harvesters, and agricultural drones are increasingly connected to the Internet,"the group said in March. "Farmers don't always have the ability to precisely control where that data goes, nor transfer it from one data processor to another."

But agriculture tech companies generally say their goal isn't just to make money, or even help farmers boost their own profits. They're also trying to help feed a still-growing world population as climate change disrupts farms and populations, and expanding middle-class societies around the world purchase more food. That could require doubling world food production by 2050, experts told the United Nations in 2009, something advocates of digital agriculture say may only be possible through data-driven efficiency.

"Basically, the production we're getting out of our food crop today is actually not keeping pace with the pace we need to double prediction by 2050," says Lance Donny, the CEO of Fresno, California-based OnFarm.

Like Climate Corp., OnFarm aims to process and combine data from a variety of sources: Donny says the company serves several hundred farms, with an average of 160 incoming data streams each. Farmers traditionally ran processes like irrigation based on the calendar, watering a certain amount at certain times, or based on their own observations—"I look out and I drive the field, and the crop looks like it's going to need some water, so I add some water at this time," he says—but Donny says OnFarm's technology can first bring farmers unified figures they can easily understand and trust, then predictions and guidance they can rely upon.

"Not only can we tell you what's going to happen, we can help you make a better decision—to maximize the decision you're going to make," he says. "This is really bringing that machine learning down to the grower to make a decision going forth this week, next week."

Ultimately, farmers will rely less on intuition and more on number-driven predictions, says Daniel Koppel, the CEO and cofounder of Tel Aviv-based digital agriculture company Prospera.

"I think at the end of the day, growers are going to be data scientists," he says. "The actual operations side, in the very far future, that's going to be done with robots, or a lot of it is going to be automated."

But in the meantime, his company's tools have used sensor data and machine-learning techniques like neural networks to detect issues like plants stressed by improper irrigation and diseases that could put crops in jeopardy. And while he unabashedly speaks in terms that might make foodie purists wince—"We're trying to treat agriculture as any other industrial manufacturing facility," he says—Koppel says digital technology can mean fresher food and a cleaner environment, too.

Data scientists will be able to crunch the numbers to find ways to use pesticides and water more efficiently, meaning less runoff and fewer pest-killing chemicals on food, he says. The same will be true of fertilizers, Donny predicts, meaning less nitrogen runoff in soil and groundwater.

Still, some environmental advocates are skeptical, warning that tools primarily designed to boost crop yields and farm profits won't automatically undo all the environmental harm wrought by large-scale, industrial farming.

"Hopefully, in most cases, they will result in less use of farm chemicals, and less farm chemicals leaking into people's drinking water or whatever, but that's not really what they're designed to do," says Craig Cox, senior vice president for agriculture and natural resources at the Environmental Working Group. "They're designed to help farmers determine what the economically optimal rate is to apply these farm chemicals, and sometimes the economically optimal rate is to use more farm chemicals."

Donny says better data won't just mean bigger production of commodity crops like corn and soybeans—it'll mean optimizing the quality of specialty produce from wine grapes to almonds. In some cases already, farmers have been able to switch from producing old standbys like corn to more diverse collections of vegetables, he says.

That can also bring environmental gains, particularly if diversification means fields spend less time outside of growing seasons lying fallow and allowing chemicals to leach into surrounding water, according to Cox, though he emphasizes the details will make a tremendous difference.

Of course, it will also mean more income for farmers and more variety for an increasingly food-conscious society. "The ability to grow closer to the customer is important. More diversity in crops is important," Donny says. "Restaurants are driving that. Consumers are driving those needs."

Clinton generally favors continuing Obama's cyber policies, while Trump calls for more cyber warfare and surveillance.

From alleged Russian attacks on Democratic National Committee servers and the vulnerability of Hillary Clinton's emails to the ongoing debate over law enforcement access to encrypted data, cybersecurity and related privacy issues have become part of the presidential election cycle like never before.

Both major party candidates have called for the U.S. to do more to protect itself against digital attacks and to use digital tools to thwart extremist activity and digital communications. Democratic nominee Hillary Clinton has generally favored continuing policies from the Obama administration, from the current president's approach to encryption to his national cybersecurity plan, while Republican nominee Donald Trump has said that the current administration has left the country vulnerable to digital and terror attacks, and proposed ramping up cyber warfare and digital surveillance as part of a solution.

Keeping Networks Safe

Trump and Clinton have both spoken of the need to keep Americans safe from cybercrime—particularly from attacks and digital intellectual property theft sponsored by foreign nations. Clinton warned last year that China is "trying to hack into everything that doesn't move in America,"after a series of attacks were linked to the Chinese government, and Trump's campaign has similarly said that "China's cyber lawlessness threatens our prosperity, privacy, and national security."

The Clinton campaign has said she'd "build on" the Cybersecurity National Action Plan announced by the Obama administration in February. It called for the appointment of a federal chief information security officer to bolster government network security and collaborations with private industry to keep internet users safe through techniques like two-factor authentication.

"She supports expanded investment in cybersecurity technologies, as well as public-private collaboration on cybersecurity innovation, responsible information sharing on cyber threats, and accelerated adoption of best practices such as the National Institute of Standards and Technology Cybersecurity Framework," according to her campaign website.

Trump has been far less sanguine about existing efforts to keep networks safe, saying in a lengthy interview in March with the New York Timesthat in terms of digital security, "we're so obsolete, we just seem to be toyed with by so many different countries." He's also implicitly attacked Clinton's own cybersecurity credentials, repeatedly mentioning her controversial use of a private email server during her tenure as secretary of state and even calling on the Russian government to help find emails she had deleted. He later said the comment was intended to be sarcastic.

But so far, some experts have lamented that Trump hasn't proposed many concrete steps he would take as president to boost digital security.

In a recent interview with the Washington Post, former National Security Agency general counsel Stewart Baker described Clinton's cyber plan as "cautious, incremental, sober, and boring—a cybersecurity third term for President Obama"—while saying Trump's statements are "impressionistic and focused on American decline" rather than concrete specifics.

A Hillary Clinton supporter's cell phone at a campaign rally with former President Bill Clinton at Central High School in Phoenix, ArizonaGage Skidmore/Flickr

Generally, Clinton has won endorsements from veteran national security and foreign policy officials, notably including some from past Republican administrations. Michael Morrell, former acting Central Intelligence Agency director, also endorsed Clinton earlier this month, even writing in the New York Times that Trump is "not only unqualified for the job, but he may well pose a threat to our national security." A group of more than 100 Republican national security experts also signed an open letter in March, writing that "as committed and loyal Republicans, we are unable to support a Party ticket with Mr. Trump at its head," declaring him "utterly unfitted to the office."

Still, Trump has won endorsements from some national security leaders, notably including former Defense Intelligence Agency head Michael Flynn, who's been vocal about the need to beef up defense cybersecurity staffing levels.

Cyber War

Both candidates have expressed a willingness to use cyberattacks as part of U.S. military strategy, continuing down a path blazed by Obama and former President George W. Bush, whose administrations authorized cyberattacks designed to impair Iran's nuclear weapons program, including while Clinton was secretary of state. Obama also recently authorized digital strikes against ISIS, reportedly interfering with the terror group's communications and even disrupting electronic cash transfers. And a recently leaked cache of files from a hacking group calling itself the Shadow Brokers is widely believed to contain hacking tools developed by the National Security Agency.

Trump said this week that he would use "military, cyber, and financial warfare" to fight terrorism. In the past, he has said he would go further than Obama, aiming to take ISIS off the internet entirely. That could include disrupting digital communications in areas where the group holds power, he said in a December Republican primary debate.

"I sure as hell don't want to let people that want to kill us and kill our nation use our internet,"Trump said.

The idea of attempting to ban the group from the internet altogether drew criticism from some of Trump's then-rivals for the Republican nomination, who saw it as a potentially dangerous attempt at censorship, and from networking experts who suggested it would be technically difficult, if not impossible.

Clinton has been less specific about her offensive cyber warfare plans, though as secretary of state, she apparently managed some cyberattacks on al-Qaeda-recruiting websites, suggesting she's not opposed to using the technique.

"Within 48 hours, our team plastered the same sites with altered versions of the ads that showed the toll al-Qaeda attacks have taken on the Yemeni people,"she said in a 2012 speech. "We can tell our efforts are starting to have an impact because extremists are publicly venting their frustration and asking supporters not to believe everything they read on the internet."

Clinton is also no stranger to cyber war in action: She was secretary of state during the later years of and fallout from the malware known as Stuxnet, a secret project by the U.S. and Israel to disable Iranian uranium facilities. The State Department was not involved in the effort, but Clinton was well aware of its effects. In early 2011, she observed of Tehran's nuclear progress that "their program, from our best estimate, has been slowed down" because of "technological problems."

Protecting Privacy

Operating system makers like Apple and communications providers like Facebook's WhatsApp are increasingly offering encryption tools to keep users' messages secret—even from the software companies themselves. That's increasingly valuable to users after revelations about NSA monitoring and apparent attempts by other governments to spy on their citizens.

But it's also a challenge for law enforcement agencies, who can't access user data even with a warrant, since there's no way to decrypt the data without a password. That tension came to a head earlier this year, when a court ordered Apple to help the FBI unlock an iPhone used by alleged San Bernardino shooter Syed Farook. Apple challenged the order and was joined by other tech companies, saying any backdoor way around its encryption would ultimately be exploited by criminals to steal user data.

The stalemate ultimately ended when the FBI found an alternative way to unlock the phone through a security bug, but politicians and the tech industry have continued to spar over whether and how police should be able to access data in future cases.

When Apple initially fought the order to decrypt Farook's phone, Trump quickly called on his supporters to boycott the company unless it agreed to comply.

"Who do they think they are?" he asked of Apple, appearing on Fox News at the time. Trump has apparently since resumed using Apple products—the candidate was photographed using a MacBook Pro for a Reddit AMA session, and at least some posts to his official Twitter account are apparently made from an iPhone.

Donald Trump during his Reddit AMA session

Clinton has called on the tech industry and government to find a compromise solution to the dilemma, a similar stance to Obama, who warned the tech community in a March appearance at South by Southwest that, without a solution, a future terror attack could lead to "sloppy and rushed" legislation being passed by Congress.

"I think most citizens see both sides," Clinton said in a February primary debate. "This is why you need people in office who can try to bring folks together to find common ground."

Still, some privacy experts, as well as companies like Apple, continue to maintain that any compromise solution is effectively impossible, since there's no way to build a backdoor that couldn't be exploited by criminals or foreign governments.

And as far as the surveillance programs that partially motivated tech companies to roll out encryption, Trump has openly said he would restore some of the NSA's controversial warrantless spying programs that were curtailed after 2007.

"I assume when I pick up my telephone, people are listening to my conversations anyway, if you want to know the truth," he told conservative radio host Hugh Hewitt in December. "It's pretty sad commentary, but I err on the side of security." (According to a July report in the New Yorker, Trump actually allowed Tony Schwartz, the ghostwriter behind his book The Art of the Deal, to eavesdrop on his calls without other parties' knowledge.)

In October 2013, four months after Edward Snowden's revelations about the NSA, Trump tweeted, "Snowden is a spy who should be executed—but if . . . he could reveal Obama's records, I might become a major fan." It wasn't the only time he would goad people to leak sensitive information. In 2014, he tweeted that he hoped hackers would find Obama's college records to check his "place of birth."

"Attention all hackers: You are hacking everything else so please hack Obama's college records (destroyed?) and check 'place of birth,'" he tweeted. In 2013, Trump's Twitter account issued a mysterious message: "These hoes think they classy, well that's the class I'm skippen."

The tweet—a Lil Wayne lyric—was deleted, and Trump claimed he'd been hacked. "My Twitter has been seriously hacked—and we are looking for the perpetrators," he later tweeted.

Trump has also offered other intelligence proposals critiqued by civil libertarians, including surveillance of mosques and waterboarding of suspected terrorists, and said this week he's distrustful of the quality of existing U.S. intelligence data.

Clinton, for her part, called in June for an "intelligence surge" to help combat terrorism, and has repeatedly urged tech companies to do more to help the government track and stop suspicious activities online, though she condemned calls for surveillance of American Muslims because of their religion.

"As president, I will work with our great tech companies from Silicon Valley to Boston to step up our game," she said in June, following the Orlando nightclub shooting. "We have to a better job intercepting ISIS's communications, tracking and analyzing social media posts and mapping jihadist networks, as well as promoting credible voices who can provide alternatives to radicalization."

And last year, Clinton endorsed the USA Freedom Act, which placed limits on the NSA's collection of phone call metadata, though critics have pointed out she also voted for the post-9/11 Patriot Act, which included legal justification for the NSA metadata program. Trump said last year he supported allowing the NSA to collect the data. Around the time he tweeted about Snowden, Trump also acknowledged how the revelations confirmed a tradition of spying. "Fact—all the countries complaining about us spying on them spy on us. They just don't get caught—stupid!" Trump tweeted.

In terms of support from Silicon Valley, Clinton has raised about $4 million from tech industry donors, with support from industry bigwigs like Apple CEO Tim Cook, who hosted a fundraising event for Clinton on August 24. Other prominent Clinton supporters include Napster cofounder Sean Parker and LinkedIn chief Reid Hoffman, CNN reported this week, citing data from the Center for Responsive Politics. Trump, by contrast, has only raised about $200,000 from industry sources, the network reported. So far, he's won few prominent tech world endorsements besides PayPal cofounder and venture capitalist Peter Thiel, who spoke at the Republican National Convention last month.

Silicon Valley execs have reasons to be skeptical of Trump besides privacy policy, though, including his opposition to the H-1B work visas used by many tech companies to hire noncitizen workers and his repudiation of international trade agreements.

The company says machine learning and natural language processing can make financial research dramatically more efficient.

For the casual internet user, a quick Google search is often all it takes to find plenty of information on any particular topic.

But for specialized financial research, analysts often find themselves laboriously searching proprietary databases, regulatory filings, and paywalled sources that aren't even indexed by the big search engines, says Jack Kokko, the founder and CEO of financial search engine company AlphaSense.

That's why he and cofounder and CTO Raj Neervannan created AlphaSense, which applies natural language processing and machine learning techniques to let users find relevant information in financial documents.

"It started from my first job out of college as an analyst at Morgan Stanley, where I was, as every analyst, going through these huge piles of paper on my desk and trying to find information very manually—nights and days spent toiling through that information and still fearing that I'm missing a lot," Kokko says.

The San Francisco-based company takes in information from thousands of licensed data sources, as well as public web sources like news reports, and automatically processes them to extract meaning on a sentence-by-sentence level.

"When a company's talking about building a semiconductor fab in Shenzhen or just production growth in China, those two mean the same thing, even though the words are very different," he says. "We have clustering algorithms that are able to understand that those topics mean the same thing."

That lets corporate customers search for information on esoteric topics and find results substantially faster than they would by looking for the data by hand, or with the individual search engines built into specialized databases. AlphaSense says it counts more than 450 companies as customers, including financial services firms with a total of more than $3 trillion assets under management.

In one case, Kokko says, representatives from a big Wall Street firm receiving a demo from AlphaSense tried searching for information on an obscure corner of the Japanese electric power industry, and happily discovered their firm had already researched the topic.

"Our system found a whole bunch of research by that top firm on that topic that even that firm themselves didn't know about," he says. "You can't rely on people to know everything about their own internal content or the content they produce, let alone thousands of others that are offering and producing content."

For Kasandra Davis, a senior manager in investor relations at Applied Materials, which supplies tools to computer chip manufacturers, AlphaSense's tool makes it easy to search for information on the semiconductor industry—and quickly organize information about what the company's own executives have said at conferences on particular topics without laborious searches through individual transcript files.

"I would have to go into the transcript of each one of those conferences and search for those words," she says. "You can imagine what that would have been like from a time perspective."

And, she says, she recently used the tool to locate information comparing video sizes for ultra-high-definition TV versus virtual reality. That's something that was hard to find through a nonspecialized search engine.

"I did use Google to do that search on VR file size versus HD file size, and I couldn't find anything to do [with] the comparison," she says.

To ensure the tool continues to find relevant information, AlphaSense uses a mix of completely automated clustering processes and human-supervised machine learning, says Kokko. Company experts can tag sample content to train the search engine to understand, say, when a report is expressing positive or negative sentiment, and when it's talking about the past or making a prediction about the future.

"We constantly refine and have the algorithms get better by comparing to what humans are doing," he says.

Part of what makes processing all those documents practical is the rise of on-demand cloud computing services, letting AlphaSense activate servers to churn through documents and run those statistical models only as needed, rather than build a huge data center of its own, says Kokko.

"Before Amazon [Web Services], we really couldn't have done this: The processing capabilities would have required a very, very big company's resources," he says. "Now, we were able to start small with a startup's resources just focusing, using computing resources for minutes and shutting down, launching and shutting down thousands of machines, and being able to afford it, instead of owning those resources."

And for better or worse, he says the search engine similarly lets its clients do research they couldn't have previously done without hiring scores of human analysts.

"We've got some one-man shops that can do the work of 20 analysts that they don't have to hire," he says. "Or, they can actually just elevate the level of research that each person can do."

The company's machine-learning engines are providing tennis fans with real-time analytics of matches—including predictions of who will win.

Tennis fans watching the U.S. Open at home or in person this year will get some extra insights delivered by IBM's machine learning technologies.

"The way we're thinking about it is: the first time Watson's come to the U.S. Open," says IBM program manager John Kent.

IBM is using its cloud-based data-processing tools, including the Watson machine learning suite, to enhance its online videos by automatically generating everything from video captions to automated analyses of ongoing matches. During each match, IBM's online SlamTracker platform provides real-time scores and assessments, pulling in data from officials and on-court speed tracking radar to evaluate players' moves as they happen.

"We not only provide the real-time scores, but for each point, try to provide a little bit of insight as to what happened," Kent says. For example, the system can indicate on which areas of the court each player won the most points, how many feet each player moved over the course of a match, and which points were won by unforced error.

IBM has provided support to the U.S. Open for about 25 years, going back to when speed-tracking radar was new. It has introduced additional digital services as the tournament's online audience has grown and, recently, increasingly transitioned to mobile devices. This year, the company estimates that about 15 million viewers around the world will use the IBM-powered U.S. Open website and smartphone apps.

And since IBM, which provides technical services to all four of tennis's Grand Slam events, has years of historical data on individual players' performance, it can provide instant analyses around "pressure situations," offering the likelihood that, based on past performance, a player will, say, come back from a particular losing position. The numbers are all crunched using Apache Spark, an open source big-data processing engine hosted on IBM's Bluemix cloud platform.

After each match, players are able to use IBM's data to review their own performance.

"We provide the players with a USB key shortly after their match that has video of their match," Kent says. "Not just like a DVR kind-of version where they can fast-forward through their match [to specific moments], but we also index it to all the points and statistics."

At the same time, Watson's language-processing facilities take in highlight clips and player interviews from the tennis tournament, and automatically generate subtitles and transcripts for the U.S. Tennis Association to publish. This enables the USTA to generate accurate, Americans with Disabilities Act-compliant captions and transcripts faster than it could with a human doing it by hand. "The transcript goes into the publishing system," Kent says. "The USTA can make edits to that if they want."

Watson's visual recognition tools can also recognize players on the court and even celebrities in the stands to generate a searchable database of publishable photos, which spares the USTA's editorial team from having to toil away for hours indexing photos and searching for famous spectators. "That process used to be manual," Kent says. However, as with the audio processing, human staffers usually review the files before they are published. Any errors discovered can be used to train Watson to be more accurate in the future.

For fans watching the tournament live from the USTA Billie Jean King National Tennis Center in Queens, Watson's conversational tools will provide them with navigational and other information, including dining options and directions to Manhattan, available through a chat-like interface.

The U.S. Open marks the first time many of these Watson features are being used by IBM at a sports or entertainment event. But IBM (which also provides digital support for the other Grand Slam tournaments, the Masters Golf Tournament, and Broadway's Tony Awards) will likely soon be working on services for spectators in 2017.

An internal incubator is using Google's marketing algorithms to present ISIS sympathizers with different points of view.

An experimental division of Google parent Alphabet is harnessing Google's advertising technology to help stop the spread of ISIS.

"ISIS is a terrorist group unlike any that we've seen before," says Yasmin Green, the head of research and development at Jigsaw, an internal tech incubator focusing on international security issues. "They've been successful in capturing both physical territory and digital territory."

The extremist group has reportedly lost physical territory in Iraq and Syria in recent months, but security experts have long warned that its sophisticated media strategy—involving videos, social media, and even glossy print publications—still enables the group to attract supporters from around the world.

"With the widespread horizontal distribution of social media, terrorists can identify vulnerable individuals of all ages in the United States—spot, assess, recruit, and radicalize—either to travel or to conduct a homeland attack," Federal Bureau of Investigation Director James Comey told Congress last year. "The foreign terrorist now has direct access into the United States like never before."

Jigsaw, formerly known as Google Ideas, concluded an 8-week pilot program earlier this year, using the same technologies that let commercial advertisers target internet users most likely to be interested in their products to identify users demonstrating sympathies toward ISIS. Then, says Green, online ads pointed them toward content, in both English and Arabic, delivering alternative viewpoints in ways that can actually change their minds.

"They usually made their decision to join [ISIS] based on partial information," she says of those who've joined the terror group in the past. "That's really the bet we're making here, is that with better information, individuals will be empowered to make better choices."

Before launching the test campaign, members of the Jigsaw team did extensive field research, meeting with former ISIS sympathizers and members of targeted communities from Iraq to London, trying to understand everything from how they use mobile phones to what motivated their initial sympathies for the terror group. They then formulated an advertising campaign targeting internet users whose search keywords indicated a potential for radicalization, not just an interest in mainstream news coverage of terrorism or events in the Middle East.

"We were factoring in these types of things: supportive slogans, deferential terms for the Islamic State, preferences for ISIS-produced content," says Green.

For instance, ISIS sympathizers are more likely to use an Arabic-language slogan meaning "remaining and expanding," and they're more likely to use certain terminology for the group itself and political concepts it embraces, like the return of the Islamic political institution known as the caliphate, she says.

A Google advertising tool called the Keyword Planner, which uses Google's substantial data collections to suggest additional relevant keywords to target for an ad campaign, helped find additional terms to target with ads, she says. And while the company didn't do any offline tracking of targeted users, so it can't say how many people may have actually been dissuaded from joining ISIS, it still saw encouraging signs from the pilot.

"Over 8 weeks, in Arabic and English, that this pilot ran, it reached an estimated 320,000 unique individuals, half of which we believed showed signs of positive sentiment toward the Islamic State," Green says. And, she says, the click-through rate of the ads Jigsaw placed were on average 70% higher than others targeting the same keywords.

But simply placing advertisements is only half the battle: Green and her team also had to decide what kinds of content those ads would promote. They quickly decided to curate existing content online, rather than producing new material, but that still left a lot of choices to be made. And sending users to videos or blog posts that just offer "facile parody" of ISIS, use terminology that's seen as overly derogatory, or simply come off as overly preachy will just alienate the people Jigsaw is trying to reach, she says.

"It turns out a lot of the content being produced in this space, I liken it to showing smokers their lungs with nicotine [damage] on the side of the cigarette packet," she says. And even mainstream Western news sources, like the BBC, can be seen as biased by potential ISIS recruits, Green says the team learned through field research.

They decided, instead, to focus on citizen journalism and documentary footage showing the realities of life under ISIS and the struggles the group has been having militarily, along with material highlighting the religious debate around some of the Islamic concepts ISIS cites and testimony from former ISIS supporters who had left the group.

"Those were among the most compelling," Green says. "These were individuals who had just come back—they were until very recently subscribing to ISIS ideology."

Ultimately, users targeted by the ads collectively watched about 500,000 minutes of video, she says. And as the project expands, Green hopes to work with external funding organizations and advertising groups to expand to other languages and potentially even enable deradicalization experts to work one-on-one with potential ISIS recruits who are posting on YouTube and social media networks.

The efforts may one day expand to combat other forms of extremism, such as white supremacist movements, she says. Since shortly after it was founded in 2010 as Google Ideas, the group has been in contact with former extremists of a variety of stripes, looking to learn why young people are drawn to such movements.

Jigsaw's project isn't the only effort to focus on countering ISIS propaganda: Obama administration officials have met with executives from Hollywood movie studios and social media companies like Snapchat and Facebook to discuss ways to limit and counter the group's global reach. And while the pilot program arose within Alphabet, a company central to internet advertising, Green says there's no reason a similar project couldn't begin elsewhere.

"There's no really secret sauce here," she says. "This is really just about setting the target audience as those who already engaged, informing the campaigns with insights from defectors and former members, and getting the insights to design really good campaigns."

With a 99.9% success rate at detecting malware, Deep Instinct aims to revolutionize how we protect ourselves on the web.

A cybersecurity startup is applying the same "deep learning" techniques that are used in modern image and voice recognition to detect malware.

Deep Instinct launched late last year with a system that it says can go beyond typical antivirus programs by not only detecting known malware but also flagging dangerous software it's never encountered before.

The company doesn't need to have security experts create digital rules specifying what kind of characteristics should trigger alerts, says Maya Schirmann, Deep Instinct's chief marketing officer. Instead, the system essentially trains itself by studying enormous numbers of applications, documents, images, and other common types of files, labeled simply for whether they contain malware or not.

"The training phase happens on our own premises, at Deep Instinct," Schirmann says. "We have an artificial brain, and we train it on hundreds of millions of files."

The system develops a complex statistical model for what constitutes malware, which Deep Instinct claims has at least a 99.9% success rate at spotting infectious files. It can continue to refine that model by allowing the program to sample additional malicious code as it's discovered by security researchers and distributing those updates to existing customers. Engineers at the company, which has offices in San Francisco and Tel Aviv, can even tweak samples of existing malware to create new attack code, which can serve as additional training data for the program, she says.

"We have a special team dedicated to creating these malware [programs and] mutating them," she says.

The company's software can then run on a networked server, scanning email attachments, file uploads, or other incoming data for potential attacks. Or it can run in a standalone mode on a desktop, laptop, or smartphone. Since the learned model is stored with each copy of the software, it can even detect attacks when it's not connected to the internet, like if an infected memory stick is inserted into a computer while traveling on an airplane, she says.

"It doesn't need to be connected to the enterprise's network to detect and protect," she says. "It doesn't need to be connected to the internet at all."

Deep Instinct isn't the only company to apply artificial intelligence and machine learning techniques to security, but Schirmann says it's the first to launch a security product based around deep learning—a technique that's helped internet giants like Google and Facebook make significant strides in traditionally difficult areas of computing, such as facial recognition and language processing.

"Deep learning is a domain that today is applied by companies like Google, Facebook, Baidu, Microsoft, [and] IBM, with amazing success in domains that have nothing to do with cybersecurity," Schirmann says.

Unlike earlier forms of machine learning that often required humans to specify types of features of an image, audio sample, or other input they thought would be important to classifying the data, deep learning generally starts with the actual byte-by-byte structure of the input file, where systems automatically learn to run the data through multiple layers of mathematical processes to tease out higher and higher-level structures.

That method, it turns out, gives better results for many different recognition and data classification problems—and can save on human labor, since there's no need for living, breathing experts to code up ways to extract salient features from the underlying information.

"In deep learning, that phase absolutely does not exist," says Schirmann. "You feed in raw data."

And while the current version of the company's product only targets malicious files and not other types of attacks, Schirmann says future versions of the tool will apply the same learning techniques to other attack types as well.

Websites and international smuggling rings are fueling a surge in overdoses thought to be due to the elephant-strength opioid carfentanil.

In the past few months, a string of overdoses across the U.S. has been linked to an opioid drug so potent that it's not intended for human consumption.

Carfentanil is the world's most powerful commercial opioid, considered to be 100 times more potent than its relative fentanyl, the carefully controlled prescription painkiller linked to Prince's death, which itself is 50 times stronger than heroin.

Originally synthesized in the 1970s, carfentanil is marketed under the name Wildnil as a general anaesthetic for large animals like elephants, and was never intended for humans. But like any number of new synthetic drugs, it's easily finding its way from clandestine labs and into the illicit drug supply through the mail. Sold openly on the web or through drug markets on the anonymous Tor network, the drug is being added to heroin and counterfeit pain medication by traffickers and often taken by users who don't know exactly what they're consuming.

"We're seeing a lot of the activity take place over the internet through anonymous relationships between a consumer and the drug manufacturer or source of supply," says Russ Baer, a spokesman for the Drug Enforcement Administration. The agency has warned communities across the country to be on alert for the drug, and has told first responders to wear protective gloves and masks, since the drug can be dangerous to someone who simply touches it.

Both drugs, along with a growing cornucopia of illicit synthetics, are largely being manufactured in China, Baer says, and smuggled into the United States both over land and through the U.S. Postal Service. In June, the U.S. Customs and Border Protection said it had seized almost 200 pounds in fentanyl and other synthetic opioids—that is, those made purely in labs, rather than from the opium poppy—compared to only 8 pounds the previous year.

In recent months, hundreds of drug overdoses have been linked to carfentanil and fentanyl, a related opioid said to be 100 times the strength of morphine and commonly used to treat severe pain in cancer patients. The drug has showed up on the Gulf Coast of Florida, in western Pennsylvania, central Kentucky, and in Ohio, where, in one county this August, at least 96 heroin users overdosed in a single week.

[Graphic: courtesy of United Nations Office on Drugs and Crime]

Cursory internet searches turn up options to order the drug from Chinese sellers on numerous e-commerce websites and through dark web markets on the Tor network, where users can trade largely anonymously using bitcoin and purchase other controlled substances, from ketamine to cocaine.

Dark web vendors contacted about their supplies didn't respond to requests for comment, and one Chinese vendor advertising carfentanil on a Korea-based e-commerce site responded only with a price quote—$300 for 200 milligrams—ignoring questions about how the product would be shipped.

Vendors often use discreet packaging for the drug. Last month Canadian border officials reported seizing one kilogram of the drug labeled as printer accessories, with agents wearing hazmat suits to handle the highly potent chemical.

The risks of the drug have also led some vendors to limit who can purchase the substance and to caution users about its dangers. In one recent listing, a vendor offering the drug pledges to only make it available to users who've already tried fentanyl or a related drug.

"Again, we can't stress this enough, carfentanil is meant to be purchased by *only* experienced fentanyl users with a high tolerance," wrote one dealer on a hidden site. "This stuff is NO JOKE."

A posting for carfentanil on a Tor hidden network site

Another vendor, offering to ship the drug from China, warns users on safe handling instructions, which mirror those used by the veterinary industry.

"You need to wear mask and gloves to handle this chem," the seller writes. "Accidental contact can result in OD."

"Thousands" Of Clandestine Labs

Authorities say the drug is often shipped from China, an epicenter of synthetic chemical manufacturing and the source, according to the DEA, of the ingredients that Mexican drug traffickers use to make most of the methamphetamine consumed in the U.S. Drug officials have complained of "thousands" of clandestine labs in China, and said that despite the country's strict drug laws, authorities there have been slow to address the problem.

"We aim to help and support other countries in any way we can," Liu Yuejin, China's assistant minister of public security, has said about the government's commitment to international cooperation against drug traffickers.

Chinese officials have acknowledged that the country produces "a substantial" share of the newer synthetic drugs on the global black market and have been stepping up efforts to control the traffic. Last year the country's courts handled nearly 140,000 drug-related cases, up 30% from 2014, according to official data. DEA officials are also in ongoing discussions with their counterparts in China about how to stem the tide of opiate imports, Baer says.

Many of the country's illicit labs attempt to stay one step ahead of laws that ban illicit synthetic drugs simply by altering a few molecules of the chemical compound, creating new and not-yet-illegal drugs. While some countries, like the U.S., have banned whole ranges of chemicals that mimic illegal drugs, many nations have not.

Following a ban last fall of more than 115 synthetic drugs, including various analogs of fentanyl, a new, unregulated analog, furanyl fentanyl, began to appear in the U.S., according to U.S. drug officials, who subsequently moved to ban the drug stateside. At least one Chicago man died from an overdose of the drug.

"Fentanyl and fentanyl-related compounds, whether we're speaking about fentanyl analogs such as a carfentanil, or compounds that haven't been scheduled—for example U-47700—for the most part are originating in China," Baer says.

Since Baer spoke to Fast Company, the DEA has announced plans to move U-47700, a powerful experimental opioid discovered in the 1970s but never approved for use in humans, into the same legal category of drugs as heroin and LSD, effectively banning it.

A preview of Vice's episode on synthetic drugs, on HBO

Legal chemicals to manufacture the drugs are also being smuggled from China into Mexico and ultimately being used to strengthen heroin or make counterfeit versions of pain pills like oxycodone, Baer says. In some cases, those precursor chemicals are stolen from licensed labs in Mexico and end up in the hands of drug traffickers.

"As far as the precursor chemicals go, you've got a legitimate drug manufacturing company in China shipping a precursor chemical to a legitimate chemical handler in Mexico," says Baer. "Once they arrive in Mexico, these precursor chemicals are often then diverted to these Mexican trafficking organizations."

Carfentanil isn't often sold to users on its own, but rather significantly diluted and sold as heroin. One dark web listing contains a recipe for China White—a term used for potent varieties of heroin—that suggest mixing 100 milligrams of carfentanil with 100 grams of a cutting agent. Carfentanil prices on the site and elsewhere online range from $800 to about $2,500 per gram, while a report last year from the Ohio Substance Abuse Monitoring Network found heroin for sale in the Cleveland area for roughly $90 to $120 per gram, and similar prices are available through the dark web.

But if one gram of carfentanil equivalent can be used to produce the equivalent of 1,000 grams of heroin—in line with the recipe and published reports of the drug's potency—carfentanil is still orders of magnitude cheaper per dose than heroin.

Since an equivalent dose is smaller and easier to smuggle without necessarily being much more expensive to manufacture, more potent drugs can be easier and cheaper to distribute, says Steven Kurtz, the director of Nova Southeastern University's Center for Applied Research on Substance Abuse and Health Disparities. But, he says, retail-level dealers, let alone the rising number of people affected by what's been called an epidemic of opioid addiction, often don't even know what's in a particular packet sold as heroin. Most of those who overdose on carfentanil likely don't even know they've ingested it.

"It's very lucrative," he says. "The good thing about high potency from a distribution network standpoint is it can be shipped in very small containers, but the problem from a user standpoint is you have no idea what you're taking."

After a rash of deaths in Cincinnati over the Labor Day weekend, the city's coroner said she believed that the area was being used as a "test tube" by drug dealers who were cutting carfentanil into fentanyl and heroin.

The Unknown Risk

Since the drug was until recently so rare outside of specialized veterinary practice, scientists aren't entirely sure what the lethal human dose of the drug is—though experts have speculated it could be less than the weight of a grain of sugar. Only 19 grams of the drug were legally produced in the U.S. last year, according the DEA, though more than 50 times that amount was found in just one shipment from China seized by Canadian authorities in late June.

In 2010, the authors of a paper in the American Journal of Emergency Medicine reported what they called the first confirmed case of poisoning with the drug. They described a veterinarian who, while sedating elk for a tuberculosis test, accidentally splashed his face with carfentanil while pulling a misdirected tranquilizer dart from a tree trunk. Within two minutes, he became drowsy and had to be treated with an opioid antidote kit that's kept on hand when the drug is used. He recovered without serious incident, according to the report.

And while the drug is increasingly available to drug traffickers and dark web buyers, it's still hard to come by for law enforcement officials who need samples to compare against seized substances and to determine the cause of death of overdose victims.

"When we first started talking about fentanyl in July, we were unable to actually get a sample [of carfentanil] for testing, so we reached out to the zoo," said Dr. Lakshmi Sammarco, the coroner of Ohio's Hamilton County, which includes Cincinnati, in a Tuesday press conference. "It is a compound that is used for large animal sedation and opiate use, but we weren't able to get any from our zoo—they didn't have any. So we reached out to our fellow coroners in Franklin County, Summit and Cuyahoga County, and nobody had enough."

Only by working with Senator Rob Portman and the DEA was Sammarco's office able to obtain a sample of the drug and confirm it had killed at least eight people in the county since July. Since carfentanil is still rare, and many labs don't yet have the ability to test for it, it's difficult to know how many deaths are attributed to the drug. But Centers for Disease Control researchers have said fentanyl-related deaths in Ohio rose 526%, from 84 to 526, between 2013 and 2014, as synthetic opioids first began to appear in the state in large numbers.

County officials are also worried about the efficacy of naloxone, or Narcan, the opioid antidote that helps users recover from a heroin overdose. While emergency responders typically use one or two shots to counteract a heroin overdose, carfentanil can require six or even more. A spokesman for the city of Cincinnati told the local Fox affiliate that a typical Narcan dose costs about $32, a cost that's increased in recent years from $15 a dose.

Senator Portman is part of a group of lawmakers who introduced legislation to require more digital information for packages shipped internationally in an effort to make it harder to import drugs through the mail. The Postal Service currently receives less electronic information about packages before they arrive in the U.S. than private carriers such as UPS and FedEx, making it harder to detect suspicious shipments, he said in a statement.

"That includes information like who and where it is coming from, who it's going to, where it is going, and what's in it," he said. "Having this information in advance will enable CBP to better target potential illegal packages, and that will help ensure that dangerous drugs like fentanyl and carfentanil don't end up in the hands of drug traffickers who want to harm our local communities."

The bill was referred to the Senate Finance Committee, though it's unclear, assuming it passes, whether it will do much to limit the flow of synthetic drugs or simply drive smugglers to get them into the country by other means.

According to Baer, much of the carfentanil and other strong opioids causing overdoses are likely delivered through more traditional channels. In the case of Cincinnati, it's thought that the drug is mostly coming in through heroin shipments that flow north on Interstates 71 and 75.

"Traditional smuggling methods are being used in terms of the bulk smuggling activity," he says.

And while opioid addicts are likely increasingly aware of the dangers posed by chemicals of unpredictable potency, they're often left with limited alternatives.

"People in communities that are using the drugs are becoming more and more aware that they can't necessarily trust the potency of what they're taking," says Kurtz. "At the same time, opioid addiction is extremely powerful, so having them stop isn't usually an option."

Lowe's Tangos With Google To Help You Remodel Your Home In Augmented Reality

What "Safety Check" Reveals About Facebook's Changing Role

Choosing When To Activate

Trending Crises

This New App From Duolingo Aims To Make Flash Cards Obsolete

How The Cybersecurity Industry Is Coping With A Skills Shortage

Why The Suspected Russian Hack Of The DNC Is Such A Game Changer

An All-Seeing Eye In The Sky Will Watch Over The Rio Olympics

Related Video: How Drones Are Changing The Lives Of Their Pilots

How WikiLeaks Has Changed: From Whistleblower To Weapon

Target's Tech For Tots Aisle: Sure To Be A Guilty Parenting Hotspot

How Hackers Are Going For Gold At Rio's Olympics

Phishing In An Olympic-Sized Pool

Watching Out For Counterfeit Hotspots

Messing With The Games Themselves

This Security Company Based Its Tech On The Human Immune System

SAP Targets Terrorism With AI

Turbulence Ahead: Delta Computer Outage Is Just The Start, Say Experts

Hackers Use Google's Ad Network To Spread "Fake Login" Malware

Beware Of Sideloading And Malvertising

How To Stay Safe

How Machine Learning Will Change What You Eat

Where Clinton And Trump Stand On Cybersecurity And Privacy

Keeping Networks Safe

Cyber War

Protecting Privacy

This AI Startup Wants To Automate Your Tedious Document Searches

At This Year's U.S. Open, IBM Wants To Give You All The Insta-Commentary You Need

Alphabet Is Using Google's Ad Technology To Take On ISIS

Can Deep Learning Take Cybersecurity To The Next Level? This Startup Says Yes.

How America Gets Its Deadliest New Drug

"Thousands" Of Clandestine Labs

The Unknown Risk