Yasser Elabd, who formerly served as a senior director at Microsoft, has accused the Windows giant of paying illegal bribes to close business deals in the Middle East and Africa.
In a post published on whistleblowing platform Lioness this week, Elabd alleged that in 2016 he challenged a dubious $40,000 payment to make a sale in a country in Africa, was then retaliated against, and was ultimately fired in 2018.
Elabd said in 2020 he learned more about the alleged scheme when a former colleague in Saudi Arabia began forwarding him emails and documentation that indicated corrupt practices.
"Examining an audit of several partners conducted by PricewaterhouseCoopers, I discovered that when agreeing to terms of sale for a product or contract, a Microsoft executive or salesperson would propose a side agreement with the partner and the decision maker at the entity making the purchase," Elabd claimed.
"This decision maker on the customer side would send an email to Microsoft requesting a discount, which would be granted, but the end customer would pay the full fee anyway. The amount of the discount would then be distributed among the parties in cahoots: the Microsoft employee(s) involved in the scheme, the partner, and the decision maker at the purchasing entity – often a government official."
Microsoft three years ago was fined by the US Justice Department and the US Securities and Exchange Commission for this very behavior in other countries.
In 2019, Microsoft agreed to pay $8.7m in criminal penalties to resolve bribery charges related to business practices in Hungary. In a related investigation, the company also agreed to pay the SEC $24m that year to settle charges that it violated the Foreign Corrupt Practices Act (FCPA) through subsidiaries in Hungary, Thailand, Saudi Arabia and Turkey, and criminal charges related to conduct in Hungary.
The FCPA "generally prohibits the payment of bribes to foreign officials to assist in obtaining or retaining business," the SEC explained on its website.
According to the World Bank, about 16 percent of companies as a global average experienced at least one bribery request in 2020. In many countries, that figure is significantly higher. In the Syrian Arab Republic, data from 2009 indicates about 69.6 percent of businesses get hit up for bribes; in Cambodia in 2016 about 64.7 percent of companies received at least one bribery request. In Yemen in 2013, the figure was 64.3 percent.
As the SEC described the situation at the time, Microsoft offered discounts on software licenses to its partners, who instead of passing the discounts along to Microsoft's government customers used the discounts to fund payments to government officials to have sales deals approved. The US financial watchdog also said Microsoft's subsidiaries offered improper travel and gifts for foreign government officials and non-government customers through a slush fund supplied by Microsoft's partners and resellers.
Elabd said he's aware of five other Microsoft employees who were either fired or forced to resign for reporting finance irregularities. And he said the SEC and the Department of Justice have declined to investigate despite the evidence submitted as part of his whistleblower complaint.
"They acknowledged my evidence (which I submitted three times) yet did not take up the case, claiming that the current pandemic has prevented them from gathering more evidence from abroad — even though I have already provided documentation that I believe shows Microsoft is in breach of the 2019 agreement and is still participating in corrupt business practices in direct violation of US law," he wrote.
The Register asked the SEC to confirm this. An SEC spokesperson replied, "The SEC does not comment on the existence or nonexistence of a possible investigation."
Elabd contends that Microsoft is aware of what's going on with its partners and is deliberately looking the other way.
"In 2013, it was discovered internally that a member of the sales team managing one country’s government contracts was taking money from the business investment fund for a 'pilot program' at a company in another country – but the company was his own, and the program was fake," he claimed. "HR and legal department executives confronted the employee, who threatened to expose the scale of corruption inside Microsoft; he then resigned and joined a rival company the next day."
In Protocol's report on Elabd's post, that last line reads, "He resigned and joined Oracle the next day."
Elabd goes on to allege how later, at an annual meeting in Turkey, Microsoft personnel said no action was taken against the grifting employee because the punishment for that sort of crime in the employee's home country was so severe.
"In my estimation, a minimum of $200 million each year goes to Microsoft employees, partners, and government employees," he wrote. "Experience leads me to believe that 60–70 percent of the company’s salespeople and managers in the Middle East, Africa, and parts of Europe are receiving these payments."
Following the 2019 settlement announcements, Microsoft published a blog post from president Brad Smith expressing disappointment with those involved and declaring the company's support for ethical business practices.
"We were deeply disappointed and embarrassed when we first learned about these events several years ago, and we hope that all of the steps we’ve since taken, including today’s settlement, send a strong message," Smith said. "As a company, we do not tolerate employees and partners who willfully break policies that go to fundamental issues of business integrity."
Asked to comment on Elabd's allegations, Microsoft emailed a statement from Becky Lenaburg, VP and deputy general counsel of compliance and ethics.
"We are committed to doing business in a responsible way and always encourage anyone to report anything they see that may violate the law, our policies, or our ethical standards," said Lenaburg. "We believe we’ve previously investigated these allegations, which are many years old, and addressed them. We cooperated with government agencies to resolve any concerns."
The Register - Independent news and views for the tech community. Part of Situation Publishing