White House Blames Russia for NotPetya, the 'Most Costly Cyberattack In History'

It’s been nearly eight months since the malware known as NotPetya tore through the internet, rippling out from Ukraine to paralyze companies and government agencies around the world. On Thursday, the White House finally acknowledged that attack. And in a reversal of its often seemingly willful blindness to the threat of Russian hacking, it has called out the Kremlin as NotPetya’s creator.

“In June 2017, the Russian military launched the most destructive and costly cyberattack in history,” reads the short statement published by the White House Thursday afternoon. NotPetya, the statement continues, “quickly spread worldwide, causing billions of dollars in damage across Europe, Asia, and the Americas. It was part of the Kremlin’s ongoing effort to destabilize Ukraine, and demonstrates ever more clearly Russia’s involvement in the ongoing conflict. This was also a reckless and indiscriminate cyberattack that will be met with international consequences.”

That brief statement, which follows similar from the UK and Danish governments earlier today, represents a long awaited—or perhaps long overdue—response to a Russian cyberwar that has barraged every level of Ukrainian society, and with NotPetya, spilled out into the rest of the world.

After years of hacker attacks on Ukrainian targets that have destroyed hundreds of computers, terabytes of government data, and twice caused the first-ever hacker-induced blackouts, the NotPetya worm hit Ukraine in late June of last year and quickly spread beyond of the country’s borders. Within days, in part thanks to a leaked NSA hacking technique, it had paralyzed multinational giants including Merck, Maersk, Fedex, and many others, permanently encrypting the hard drives of tens of thousands of those victims’ computers. The attack cost those companies hundreds of millions of dollars each in cleanup costs and lost business, according to their disclosures to shareholders.

Though the White House didn’t provide any evidence of the link between NotPetya and Russia, the notion that Russian military hackers were behind it doesn’t come as a surprise to most in the cybersecurity community. Despite NotPetya’s initial disguise as a form of profit-focused ransomware, security companies like the Ukrainian firm ISSP and the Slovakian company ESET linked the malware early on to a group known as Sandworm or Telebots, believed to be the Russian team responsible for spearheading Russia’s cyberwar attacks on Ukraine. In January, the Washington Post reported that the CIA had found Russia’s military intelligence agency, the GRU, responsible for NotPetya.

But a more formal recognition of Russia’s hand in that massively damaging attack nonetheless represents a landmark, says John Hultquist, who led the team at security firm FireEye that first identified Sandworm. “Without ever being formally attributed by governments naming them publicly, they enjoyed a certain amount of protection from any response,” Hultquist says. “It appears the administration has drawn a line in the sand with an actor that’s been extremely aggressive and enjoyed quite a bit of anonymity until now.”

Beyond a mere recognition of NotPetya’s source and scope, the White House’s statement represents a new turn in its relations with the Russian government. President Trump has, after all, stubbornly refused again and again to name the Russian government as the source of the hacker meddling in the 2016 US election, even after US intelligence agencies named the Kremlin as the culprit behind the breaches of the Democratic National Committee and the Clinton Campaign. Just earlier this week, in fact, a panel of intelligence agency directors told Congress that the White House has essentially failed to take any steps to prevent future election interference by Russian hackers.

The attribution of NotPetya to Russia represents a far more proactive response to the threat of Russian hacking, says Thomas Rid, a professor at Johns Hopkins University’s School of Advanced International Studies. “This is far easier for them to talk about. It’s not a partisan issue. It’s a safer attribution call for them to make,” says Rid. “This is the first step in actually drawing a red line so that something like NotPetya isn’t done again.”

Just how the US government will inflict the “international consequences” that the White House’s statement promises remains unclear. The Obama administration responded to various state-sponsored hacker attacks with, in some cases, indictments of hackers involved and sanctions. But the Trump administration has failed to even carry forward legally imposed sanctions on Russia imposed by Congress to punish the country for its role in meddling with the 2016 US election.

But FireEye’s Hultquist says he’s hopeful that the White House’s statement is nonetheless a step towards real deterrence of the broader cybersecurity threat Russia represents. “There are diplomatic, economic and other military tools that can be brought to bear, but the first step is attributing the activity,” he says.

Hultquist believes Sandworm’s attacks aren’t finished yet. But a recognition of the group at the highest level of the US government is perhaps a start towards reining them in. “This won’t be the last time we see of them,” he says. “But when the blame falls again on Russia, it’s going to be a lot easier for the public to digest and for action to be taken.”

Russian To Judgment

Applied Materials first-quarter results, current-quarter forecast beat on chip demand

(Reuters) – Applied Materials Inc (AMAT.O) reported first-quarter profit and revenue above Wall Street estimates as the world’s largest semiconductor equipment maker benefited from higher demand for flat panel displays and chips used in electronic items.

Share of the company rose 2.2 percent to $53.11 in after-market trading on Wednesday after its revenue and profit forecasts for the current quarter also came in above market expectations.

Sales from its semiconductor business, its largest, jumped 32 percent to $2.84 billion in the quarter.

The company’s results, seen as a yardstick for the semiconductor industry, has been benefiting from higher demand for 3D NAND memory chips from smartphone makers and the shift to organic light-emitting diode technology for displays.

Sales from its display business — which makes flat panel screens for televisions, PCs and smartphones — rose 7.8 percent to $455 million.

While Applied Materials has benefited from a surge in sales of smartphones, it is also set to cash in on the rise of new technologies such as AI, big data, machine learning, augmented reality and autonomous driving.

“We see sustainable strength in our markets as new demand drivers, including IoT, Big Data and AI, layer on top of traditional computing and mobility,” Chief Executive Gary Dickerson said on a post-earnings call.

The company said it also approved a $6 billion share repurchase plan, an increment to $2.8 billion remaining in the previously approved authorization, while also doubling its quarterly cash dividend to 20 cents per share.

Applied Materials said second-quarter revenue is expected to be between $4.35 billion and $4.55 billion and earnings per share in the range of $1.10 to $1.18. Analysts on average expected profit of $1.02 per share and revenue of $4.24 billion.

Net income fell to $135 million, or 13 cents per share, in the quarter ended Jan. 28, from $703 million, or 65 cents per share, a year earlier.

The company said it took a charge of $1 billion due to the recent changes in the U.S. tax law.

Excluding items, the company earned $1.06 per share, beating the average analyst estimate of 98 cents per share, according to Thomson Reuters I/B/E/S.

Total net sales rose 28 percent to $4.20 billion in the quarter, above the Wall Street estimate of $4.12 billion.

Reporting by Arjun Panchadar in Bengaluru; Editing by Arun Koyyur

Airbnb's 'Experiences' business on track for 1 million bookings, profitability

SAN FRANCISCO (Reuters) – Airbnb Inc’s year-old tours and activities business is booking tens of thousands of travelers every month and is likely to be profitable late next year, the company said on Tuesday, highlighting success in its efforts to grow beyond renting rooms and homes.

More than a year ago, Airbnb announced a broad effort to become a full-fledged travel company, adding to its home-renting business an assortment of new services such as excursions to see local attractions and restaurant reservations.

The expansion is part of Airbnb’s efforts to diversify its revenue sources amid global regulatory pressures. In some cities, it has been forced to reel in its core business, in which people rent out spare rooms or entire apartments or houses to travelers. Airbnb is betting that revenue from its new travel services will eventually eclipse its proceeds from home rentals.

The company now expects its “Experiences” service, which travelers can use to book guided tours or activities hosted by a local resident, will by the second quarter be on track to have 1 million guest bookings in a year. That number assumes no growth in the business, Airbnb said, making it a conservative estimate.

There have been more than 260 million home- and room-rentals through Airbnb since the company launched a decade ago.

Experiences, one of four separate units within Airbnb, is on track to be profitable by the end of 2019, the company said.

Experiences is an eclectic assortment of more than 5,000 excursions across at least 58 cities, ranging from wine tasting in California to glass-blowing in Chicago, making a kimono in Tokyo or guided meditation in Paris. Many capitalize on the locale, such as a tour to discover the hidden stairways in San Francisco.

Airbnb said an additional 25,000 travel experiences will be available by the end of this year.

The company charges the people who host Experiences a 20 percent fee. By comparison, Airbnb charges home renting hosts a fee of about 3 percent and guests up to 15 percent of the reservation.

Airbnb, which is valued at $31 billion, has previously said the company as a whole is profitable. A spokesman on Tuesday declined to comment on the profitability of each of its other three business units – the home-renting service, a luxury vacation rental business and a separate China operation.

Chief Executive Brian Chesky this month refuted widely held expectations of an Airbnb initial-public offering this year, saying it is “not going public in 2018.”

Reporting by Heather Somerville; Editing by Peter Henderson and Susan Thomas

Shareholder Deason sues Xerox in U.S. to block Fujifilm deal

(Reuters) – Xerox Corp (XRX.N) shareholder Darwin Deason asked a court on Tuesday to block the company’s merger with Japan’s Fujifilm Holdings Corp (4901.T), claiming the U.S. photocopier maker’s board failed shareholders by approving a deal that undervalues the company.

The lawsuit is the latest in Deason and fellow shareholder Carl Icahn’s fight to stop Fujifilm from taking over Xerox in a $6.1 billion deal. The two investors, who control 15 percent of Xerox, aruge the transaction dramatically undervalues Xerox and “disproportionately” favors Fuji.

The Fujifilm deal, “must be stopped dead in its tracks,” said Deason’s lawsuit filed in state court in New York.

Xerox has countered the claims saying that the merger seemed to be the best path for the company after a year of exhaustive examination of a number of alternatives.

“Mr. Deason’s allegations are without merit and the company will vigorously defend itself,” Xerox said in a statement.

Under the deal announced last month, Fujifilm plans to combine the U.S. company into their existing joint venture, to gain scale and cut costs as demand for office printing declines.

The joint venture has existed in various forms since 1962 and the current structure dates to 2001. The merger deal is expected to close in July or August.

The joint venture agreements have a previously undisclosed “crown jewel” lock-up right that gives Fuji control over Xerox’s intellectual property and manufacturing rights in the Asia-Pacific market if Xerox sells a 30 percent stake to another suitor, according to the lawsuit.

A “crown jewel” agreement is an offer to sell the stock or assets of a company to an investor most desirable to management – to prevent hostile takeovers.

Xerox said that Icahn had been privy to the details of the agreement through his representative, Jonathan Christodoro, on the Xerox Board, while Deason had been aware of the agreement when he sold his company, ACS, to Xerox in 2009.

“These documents have since been publicly disclosed. For any of them to assert that these agreements were ‘shrouded in mystery’ is disingenuous, at best,” the company said in a statement early on Tuesday, before the lawsuit was made public.

Deason also included former Xerox Chief Executive Ursula M. Burns in the lawsuit, saying she was chairman of Xerox between May 2010 and May 2017 and had full knowledge of the Fuji-Xerox joint venture agreements.

In a letter to shareholders, who still have to approve the deal, Xerox said that walking away from the joint venture would require it to completely rebuild its supply chain, which would be extremely expensive and take years to implement.

On Monday, Icahn and Deason, who own a combined 15.2 percent in Xerox, called upon shareholders to free “the company from the shackles of the Fuji Xerox joint venture.”

Some analysts have said that Xerox and Fujifilm management seem locked into the deal and have limited options in terms of addressing Icahn’s and Deason’s opposition.

Shares of Xerox closed down 2.6 percent at $29.17 on the New York Stock Exchange.

Reporting by Laharee Chatterjee, Aishwarya Venugopal and Supantha Mukherjee in Bengaluru; Editing by Patrick Graham and Tom Brown

Cryptojacking Found in Critical Infrastructure Systems Raises Alarms

The rise of cryptojacking—which co-opts your PC or mobile device to illicitly mine cryptocurrency when you visit an infected site—has fueled mining’s increasing appeal. But as attackers have expanded their tools to slyly outsource the number of devices, processing power, and electricity powering their mining operations, they’ve moved beyond the browser in potentially dangerous ways.

On Thursday, the critical infrastructure security firm Radiflow announced that it had discovered cryptocurrency mining malware in the operational technology network (which does monitoring and control) of a water utility in Europe—the first known instance of mining malware being used against an industrial control system.

Radiflow is still assessing the extent of the impact, but says that the attack had a “significant impact” on systems. The researchers note that the malware was built to run quietly in the background, using as much processing power as it could to mine the cryptocurrency Monero without overwhelming the system and creating obvious problems. The miner was also designed to detect and even disable security scanners and other defense tools that might flag it. Such a malware attack increases processor and network bandwidth usage, which can cause industrial control applications to hang, pause, and even crash—potentially degrading an operator’s ability to manage a plant.

“I’m aware of the danger of [malware miners] being on industrial control systems though I’ve never seen one in the wild,” says Marco Cardacci, a consultant for the firm RedTeam Security, which specializes in industrial control. “The major concern is that industrial control systems require high processor availability, and any impact to that can cause serious safety concerns.”

Low Key Mining

Radiflow CEO Ilan Barda says the company had no idea it might discover a malicious miner when it installed intrusion detection products on the utility’s network, particularly on its inner network, which wouldn’t usually be exposed to the internet. “In this case their internal network had some restricted access to the internet for remote monitoring, and all of a sudden we started to see some of the servers communicating with multiple external IP addresses,” Barda says. “I don’t think this was a targeted attack, the attackers were just trying to look for unused processing power that they could use for their benefit.”

Industrial plants may prove an enticing environment for malicious miners. Many don’t use a lot of processing power for baseline operations, but do draw a lot of electricity, making it relatively easy for mining malware to mask both its CPU and power consumption. And the inner networks of industrial control systems are known for running dated, unpatched software, since deploying new operating systems and updates can inadvertently destabilize crucial legacy platforms. These networks generally don’t access the public internet, though, and firewalls, tight access controls, and air gaps often provide additional security.

Security specialists focused on industrial control, like the researchers at Radiflow, warn that the defenses of many systems still fall short, though.

“I for one have seen a lot of poorly configured networks that have claimed to be air gapped but weren’t,” RedTeam Security’s Cardacci says. “I am by no means saying that air gaps don’t exist, but misconfigurations occur often enough. I could definitely see the malware penetrating crucial controllers.”

With so much fallow processing power, hackers looking to mine—often with automated scanning tools—will happily exploit flaws in an industrial control system’s defenses if it means access to the CPUs. Technicians with an inside track may also yield to temptation; reports surfaced on Friday that a group of Russian scientists were recently arrested for allegedly using the supercomputer at a secret Russian research and nuclear warhead facility for Bitcoin mining.

“The cryptocurrency craze is just everywhere,” says Jérôme Segura, lead malware intelligence analyst at the network defense firm Malwarebytes. “It’s really changed the dynamic for a lot of different things. A large amount of the malware we’ve been tracking has recently turned to do some mining, either as one module or completely changing attention. Rather than stealing credentials or working as ransomware, it’s doing mining.”

Getting Serious

Though in-browser cryptojacking was a novel development toward the end of 2017, malicious mining malware itself isn’t new. And more and more attacks are cropping up all the time. This weekend, for example, attackers compromised the popular web plugin Browsealoud, allowing them to steal mining power from users on thousands of mainstream websites, including those of United States federal courts system and the United Kingdom’s National Health Service.

Traditional mining attacks look like the Browsealoud incident, targeting individual devices like PCs or smartphones. But as the value of cryptocurrency has ballooned, the sophistication of attacks has grown in kind.

Radiflow’s Barda says that the mining malware infecting the water treatment plant, for instance, was designed to spread internally, moving laterally from the internet-connected remote monitoring server to others that weren’t meant to be exposed. “It just needs to find one weak spot even on a temporary basis and it will find the way to expand,” Barda says.

Observers say it’s too soon to know for sure how widespread cryptojacking will become, especially given the volatility of cryptocurrency values. But they see malicious mining cropping up in critical infrastructure as a troubling sign. While cryptojacking malware isn’t designed to pose an existential threat—in the same way a parasite doesn’t want to kill its host—it still wears on and degrades processors over time. Recklessly aggressive mining malware has even been known to cause physical damage to infected devices like smartphones.

It also seems at least possible, that an attacker with goals more sinister than a quick financial gain could use mining malware to cause physical destruction to critical infrastructure controllers—a class of rare but burgeoning attacks.

“We’ve seen this technique with ransomware like NotPetya where it’s been used as a decoy for a more dangerous attack,” Segura says. “Mining malware could be used in the same way to look financially motivated, but in fact the goal was to trigger something like the physical damage we saw with Stuxnet. If you run miners at 100 percent you can cause damage.”

Such a calamitous attack remains hypothetical, and might not be practical. But experts urge industrial control plants to consistently audit and improve their security, and ensure that they’ve truly siloed internal networks, so there are no misconfigurations or flaws that attackers can exploit to gain access.

“Many of these systems are not hardened and are not patched with the latest updates. And they must run 24/7, so recovery from crypto-mining, ransomware, and other malware threats is much more problematic in industrial control system networks,” says Jonathan Pollet, the founder of Red Tiger Security, which consults on cybersecurity issues for heavy industrial clients like power plants and natural gas utilities. ” I hope this helps create a sense of urgency.”

Cryptojack Attacks

U.S., UK government websites infected with crypto-mining malware: report

(Reuters) – Thousands of websites, including ones run by U.S. and UK government agencies, were infected for several hours on Sunday with code that causes web browsers to secretly mine digital currencies, technology news site The Register reported.

More than 4,200 sites were infected with a malicious version of a widely used tool known as Browsealoud from British software maker Texthelp, which reads out webpages for people with vision problems, according to The Register.

The news comes amid a surge in cyber attacks using software that forces infected computers to mine crypto currencies on behalf of hackers. The prevalence of these schemes has increased in recent months as the volume of trading in bitcoin and other crypto currencies has surged.

The tainted version of Browsealoud caused inserted software for mining the digital currency Monero to run on computers that visited infected sites, generating money for the hackers behind the attack, The Register said.

Representatives of the U.S. and British law enforcement agencies and Texthelp could not immediately be reached for comment.

Texthelp told The Register that it had shut down the operation by disabling Browsealoud while its engineering team investigated.

Reporting by Jim Finkle in Toronto; Additional reporting by Mark Hosenball in Washington; Editing by Daniel Wallis

Bitcoin and Bug Bounties on the Hill, Apple and Cisco’s Cyber Deal, iPhone Leak

Good morning, Cyber Saturday readers.

On Tuesday, the U.S. Senate convened two hearings on a couple of this newsletter’s favorite topics: cryptocurrencies and bug bounty programs. The day’s testimonies were chock full of fresh insights—and were a welcome diversion, for this author, from the government’s unending budgetary troubles.

The first hearing before the Senate Banking Committee saw Jay Clayton, chair of the Securities and Exchange Commission, and Christopher Giancarlo, chair of the Commodity Futures Trading Commission, dish about virtual money. Amid cratering prices, repeated thefts, and recent banking credit bans, Bitcoin investors had braced themselves for the worst. The regulators, however, struck several positive notes during the session, praising Bitcoin for spurring innovations in digital ledger technology. Giancarlo, for one, promised “a thoughtful and balanced response, and not a dismissive one” to the digital gold rush.

One point to keep an eye on: Clayton warned entrepreneurs against “initial coin offerings,” recent fundraising phenomena that founders have used to raise billions of dollars through the sale of digital tokens. “To the extent that digital assets like ICOs [initial coin offerings] are securities—and I believe every ICO I’ve seen is a security—we have jurisdiction and our federal securities laws apply,” he said. Expect Clayton’s agency to continue to pursue action against projects it deems in violation of securities laws.

The second hearing before the Senate Subcommittee on Consumer Protection invited cybersecurity professionals to the Hill to discuss the historically uneasy relationship between companies and hackers. Some highlights: John Flynn, Uber’s chief information security officer, told the panel that his company “made a misstep” by failing to promptly report a 2016 data breach that recently came to light. Mårtin Mickos, CEO of HackerOne, a bug bounty startup, urged legislators to revise laws used to prosecute hackers and to standardize data breach notification requirements at the federal level. And Katie Moussouris, founder of Luta Security, a bug bounty consultancy, pressed companies to adopt clear policies around vulnerability reporting. (HackerOne posted a nice recap of the day’s happenings, which you can read on its blog here.)

Both hearings were highly encouraging. Let’s hope that when the lawmakers reexamine their books, they’ll keep the good sense of these experts in mind.

Have a great weekend.

Robert Hackett

@rhhackett

[email protected]

Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. Fortune reporter Robert Hackett here. You may reach Robert Hackett via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.

THREATS

Digital defense discount deals. Insurer Allianz will offer discounts on cybersecurity insurance coverage to customers that use Apple devices, like Macs and iPhones, Cisco security products designed to protect against ransomware attacks, and risk evaluations from Aon, the professional services firm. Apple CEO Tim Cook and Cisco CEO Tim Robbins revealed in June that they were collaborating with insurers on these new policies.

Suspicious spy saga sours. U.S. intelligence agents, lured by the possibility of recovering hacking tools stolen from the NSA, paid a Russian intermediary an installment of $100,000 for the alleged cyber weapons last year. Further negotiations fell through after the Russian source delivered only materials already made public by the “shadow brokers,” a mysterious group that first started leaking the NSA attack code in 2016, and as the source continued to push unverifiable, allegedly compromising materials related to President Donald Trump.

Intern infiltrates iPhone internals. Apple forced the code-sharing website Github to take down a post containing leaked source code for the iPhone’s boot process this week, as Motherboard first reported. Apparently, the code escaped Apple headquarters when a lowly intern absconded with the files and shared them with friends in the “jailbreaking” hacker community.

Banks ban Bitcoin buys. Credit card issuers are forbidding cryptocurrency purchases on credit in an effort to reduce financial and legal risks. Firms that have recently blacklisted Bitcoin sellers include Bank of America, J.P. Morgan Chase, Citigroup, Capital One, Discover, and Lloyds.

Hey, you using that nuclear supercomputer? Mind if I borrow it for something?

Share today’s Data Sheet with a friend:

http://fortune.com/newsletter/datasheet/

Looking for previous Data Sheets? Click here.

ACCESS GRANTED

“If we lived in a dystopian world without trust, Bitcoin might dominate existing payment methods. But in this world, where people do tend to trust financial institutions to handle payments and central banks to maintain the value of money it seems unlikely that bitcoin could ever be as convenient as existing payment means.”

Antoine Martin, an economist at the Federal Reserve Bank of New York, penned an op-ed that takes a whack at Bitcoin. He said the cryptocurrency could be useful—just not in this universe. But then, that’s what a Fed banker would say…

Meanwhile, Tyler Winklevoss told CNBC that people who fail to see Bitcoin’s potential suffer a “failure of imagination.”

ONE MORE THING

Inside the “smart” home panopticon. If you’re interested in living in a “smart” home—an abode outfitted with hi-tech, Internet-connected gadgetry—you should first understand the extent to which everyday household items will spy on you. This Gizmodo investigation details, in an entertaining firsthand account, the many ways that connected TVs, security cameras, coffee makers, mattress covers, and more mundane objects invade people’s privacy. Add to that the micro-aggravations of dealing with buggy domestic devices and you’ll be left wondering how this stuff ever came to be called “smart.”

Uber board got assurances on diligence ahead of self-driving deal: investor

SAN FRANCISCO (Reuters) – A key Uber investor testified on Thursday that the company’s board received assurances that due diligence had turned up no problems with a self-driving car startup which Uber acquired, differing from testimony by Uber’s former chief executive.

Benchmark venture capitalist Bill Gurley, who has since left Uber’s board, said that before the company acquired a startup founded by a former Waymo engineer in 2016, board members were told that due diligence on the company “had turned up nothing.”

Alphabet Inc’s (GOOGL.O) Waymo sued Uber Technologies Inc [UBER.UL] a year ago, accusing it of theft of self-driving car trade secrets.

Waymo said that one of the company’s former engineers, Anthony Levandowski, downloaded more than 14,000 confidential files containing designs for autonomous vehicles before Uber acquired his startup, Otto.

The trial could influence one of the most important and potentially lucrative races in Silicon Valley – to create fleets of self-driving cars.

Gurley’s recollection is different with former Uber CEO Travis Kalanick, who testified on Wednesday that he never read a due diligence report prepared by an outside firm that determined Levandowski did possess Alphabet data.

Kalanick denied telling the board that diligence on Levandowski had come back “clean.”

As part of the Otto acquisition, Uber indemnified Levandowski and his team against any future lawsuits filed by Waymo over trade-secret theft.

In a brief appearance on the witness stand on Thursday, Gurley said he could not say for sure who from Uber management assured the board, but recalled that Kalanick led the majority of the presentation. He called the indemnification agreement “atypical.”

“We as a group made the decision to move forward because the diligence was OK,” Gurley said in court on Thursday. He also said “as far as I know” no trade secrets came from Waymo to Uber.

The trial is expected to continue through next week. The jury will have to decide whether the documents downloaded by Levandowski were indeed trade secrets and not common knowledge, and whether Uber improperly acquired them, used them and benefited from them.

Reporting by Heather Somerville; Writing by Dan Levine; Editing by Bill Rigby

Big Tech should pay more taxes: German coalition

BERLIN (Reuters) – The two political parties seeking to form Germany’s next government want big companies to pay more tax, according to a coalition agreement whose text singled out U.S. tech giants by name.

“We support fair taxation of large companies, in particular Internet concerns like Google, Apple, Facebook and Amazon,” according to a brief passage in their 177-page coalition pact published on Wednesday.

Chancellor Angela Merkel’s conservatives and the Social Democratic Party (SPD) are seeking to revive the ‘grand coalition’ alliance that has governed Germany for the past four years.

SPD leader Martin Schulz, poised to become foreign minister if party members back the coalition deal, has urged the European Union to ensure that Big Tech pays more tax. He also wants to create the post of EU finance minister.

Separately, French Finance Minister Bruno Le Maire told Reuters the EU must lead the way by adopting legislation early next year to ensure that big global tech companies pay billions of euros in taxes in Europe.

Google (GOOGL.O), Apple (AAPL.O) Facebook (FB.O). and Amazon (AMZN.O) are in Europe often taxed on profits booked by subsidiaries in low-tax countries like Ireland or Luxembourg even though their revenues are earned across the bloc.

The European Commission declined to comment on the German coalition agreement, but did say that it was examining “all possible policy options” and would come forward this spring with new rules for digital taxation.

“As for every business, digital giants should pay their fair share of tax in the countries where their profits are earned,” the Commission said in written answers to Reuters questions.

Reporting by Andrea Shalal, Ingrid Melander and Foo Yun Chee; Writing by Douglas Busvine; Editing by Richard Balmforth

Watch Out, Sony and Microsoft: Google Is Developing a Video Game Streaming Service

Google, which has largely sat on the sidelines of the video game industry, seems ready to get in the fight.

The company is working on a new service codenamed Yeti, which would let people play games streamed to them online, potentially eliminating the need for a dedicated console like the PlayStation 4 or a high-end gaming computer.

News of the service first broke via The Information. Gaming industry insiders, who were not authorized to speak on-the-record, tell Fortune that Google is targeting a holiday 2019 release for Yeti, though the company is currently behind schedule and that date could shift.

Google recently hired Phil Harrison, a long-time gaming industry veteran. Sources indicate he is closely involved with the project. Harrison spent 15 years as the head of Sony’s network of game studios and three years as a senior member of Microsoft’s Xbox team. Since leaving those companies, he has served as an adviser and board member to various gaming companies.

Google declined to discuss the initiative, citing a company policy of not commenting on rumors or speculation.

Some details about Yeti are still fuzzy. It could be a dedicated streaming box or could operate through the company’s Chromecast device. How it will overcome issues of in-game lag is one of the biggest hurdles. But Fortune has learned that several major publishers are working with Google on the project.

Yeti would compete with Sony’s Playstation Now streaming service, which carries a $19.95 monthly fee (or $100 annual fee). That service, built off of one of the pioneers in game streaming, has not found an especially large audience, in part because of the high price and older catalog of games. Microsoft has previously discussed launching a game streaming service, but has not made any announcements about a new streaming product.

Google has flirted with the game industry before. It almost acquired Twitch in 2014 for $1 billion, but the deal fell apart in the final stages. (Amazon would later acquire that game streaming service.) Since then, Google’s YouTube division has dramatically increased its presence in the video game world, live streaming from E3, the video game industry trade show, and enabling live game streaming.

There’s certainly a big financial incentive for Google in video games. The industry saw revenues of $36 billion in the U.S. alone in 2017. Globally, it generates over $100 billion each year.