hackers

Friday Morning: The Political is Musical

It’s Friday, and that means more jazz. Today’s genre is Afrobeat, which emerged in the late 1960s/early 1970s.

Nigerian musician Fela Kuti is credited as the genre’s progenitor, though Fela maintained drummer Tony Allen was essential to style, saying, “[w]ithout Tony Allen, there would be no Afrobeat.”

Afrobeat fuses a number of different types of music with jazz, including funk, highlife, rock, and folk music from West African cultures. In this video, Beasts of No Nation, it’s easy to hear the different styles of music added as layers underpinned and unified by drums.

The lyrics of many Afrobeat tunes are very political; the album of the same name, Beasts of No Nation, was an anti-apartheid statement released in 1989.

Recommended read to accompany today’s musical selection: The Wealth of Nations by Emmanuel Iduma (Guernica magazine).

Let’s move…

Not far from the Apple tree
Lots of developments yesterday in the  #AppleVsFBI story.

  • In support of Apple, big names in tech file amicus briefs to meet deadline. The two most powerful briefs constituted a who’s who of Silicon Valley. Amazon, Box, Cisco, Dropbox, Evernote, Facebook, Google, Microsoft, Mozilla, Nest, Pinterest, Slack, Snapchat, WhatsApp, and Yahoo filed one joint brief. AirbNb, atlassian, Automattic, Cloudflare, EBay, Github, Kickstarter, LinkedIN, Mapbox, Medium, Meetup, Reddit, Square, SquareSpace, Twilio, Twitter, Wickr filed the second. There were several other pro-Apple briefs filed, but none with the economic clout of these two briefs.
  • Cato’s Julian Sanchez may have the best take on yesterday’s filings.
  • UN’s High Commissioner for Refugees Zeid Ra’ad Al Hussein said forcing Apple to write code for the FBI “could have extremely damaging implications for the human rights of many millions of people, including their physical and financial security,” constituting a “a gift to authoritarian regimes.”
  • Michael Ramos, the San Bernardino County DA, exposed his lack of technology prowess in an ex parte application to participate as Amicus Curiae.

    “The iPhone is a county owned telephone that may have connected to the San Bernardino County computer network. The seized iPhone may contain evidence that can only be found on the seized phone that it was used as a weapon to introduce a lying dormant cyber pathogen that endangers San Bernardino’s infrastructure…”

    Emphasis mine. WHAT. EVEN. Dude just screwed law enforcement, making the case (using a made-up term) for the iPhone to never be opened.

Brazil’s former president Lula held for questioning as home raided
The investigation into state-run oil company Petrobras now reaches deeply into the highest levels of Brazil’s government. Investigators are looking into former president Luiz Inacio Lula da Silva’s role in Petrobras’ corruption, including kickbacks and influence peddling. The investigation’s discoveries threaten the viability of current president Dilma Rousseff’s ruling coalition. Wonder if the NSA was following this when they were spying on Petrobras?

Quick licks

  • Absolute insanity: Amazon’s Kindle devices no longer encrypted (Motherboard) — Well, nobody in this household is getting a Kindle any time soon.
  • Nope, not hackers, not squirrels: bird droppings suspected in shutdown of Indian Point nuke plant last December (Phys.org)
  • Joint US-UK college hacking competition this weekend (Phys.org) — Wanna’ bet some of these students will be asked about hacking Apple iPhones?
  • Connecticut wants to ban weaponization of drones, thanks to stupid teenager’s home project (Naked Security) — Seems like a federal issue, IMO, but let me guess the gun lobby will step and whine about gun-enabled drones as a Second Amendment right. Surely our forefathers anticipated flying, cellphone-controlled privately-owned gun drones.

Ugh. That’s a wrap on this week, stopping now before this really devolves though I can’t see any distance between here and absolute bottom. Have a good weekend!

Tuesday Morning: Flip Off

Flip off a few caps; Death came for a few more well-loved artists. Rest well, Glenn Frey, Dale Griffin, Dallas Taylor. Gonna’ be one heck of a band on the other side. [Edit: Mic Gillette, too? Stop already, Grim Reaper, check your targeting.]

Hope the cull is done because obituaries are not my thing. Hard to type and sniffle copiously at the same time.

GM Opel dealers may be altering emissions control software on Zafira diesel cars
Great, just great. Like GM didn’t have enough on its plate with the ignition switch debacle. A Belgian news outlet reports GM Opel dealers have been changing the software on the 2014 Zafira 1.6l diesel engine passenger vehicles in what looks like a soft recall. This comes on the heels of an EU-mandated recall of Zafira B models due to fires caused by bad electronics repairs. Sorry, I don’t speak Dutch, can’t make out everything in this video report. What little I can see and read doesn’t look good. Wouldn’t be surprised if the EU puts the hurt on GM Opel diesel sales until all are fixed to meet EU emissions regulations. Should also note that a different electronics manufacturer may be involved; images online of ECUs for late model Zafiras appear to be made by Siemens — unlike Volkswagen’s passenger diesel ECUs, which are made by Bosch.

Texas manufacturer swindled out of cash by fraudulent email request, sues cyber insurer
AFGlobal, based in Houston, lost $480,000 in May 2014 after staff wired funds based on orders in emails faked by crooks overseas. The manufacturing company had a cyber insurance policy with a subsidiary of the Chubb Group, and filed a claim against it. The claim was denied and AFGlobal filed suit. This isn’t the first such loss nor the first such lawsuit. Companies need to create and publish policies documenting procedures for authorizing any online payments, including two-step authentication of identities, and review overall spending authorization processes with an eye on audit trails.

Ukrainian officials say Kiev’s main airport hacked
Hackers who attacked Ukrainian power companies in late December are believed to be responsible for the malware launched on Kiev’s airport servers. There are very few details — okay, none, zero details — about the attack and its affect on airport operations. A military spokesman only said “the malware had been detected early in the airport’s system and no damage had been done,” and that the malware’s point of origin was in Russia. Among the details missing are the date the attack was discovered and how it was detected as well as the means of removal.

Hold this thought: FBI still looking for info on cable cuts, with eye to Super Bowl link
Remember the post last summer about the 11 communications cable cuts in the greater San Francisco Bay Area near Silicon Valley? This is a hot issue again, given the impending Super Bowl 50 to be held at Levi’s Stadium in Santa Clara. But reports now mention 15 or 16 cuts, not 11 — have there been more since last summer, or were there more not included in the FBI’s request for information? I’ll do some digging and post about this in the near term.

All right, carry on, and don’t drink all the añejo at once.

Tuesday Morning: Wow, You Survived Business Day 1

The post-holiday season debris field continues to thin out, making its way by the truckful to the landfill. I wonder how much oil the season’s plastic wrappings consumed.

Here’s what the trash man left behind this morning.

Hackers caused power outage — the first of its kind?
Marcy’s already posted about the electrical power disruption in Ukraine this past week, labeled by some as the first known hacker-caused outage. I find the location of this malware-based outage disturbing due to its location in western Ukraine. Given the level of tensions with Russia along the eastern portion of the country, particularly near Donetsk over the past couple of years, an outage in the west seems counterintuitive if the hackers were motivated by Ukraine-Russian conflict.

And hey, look, the hackers may have used backdoors! Hoocudanode hackers would use backdoors?!

Fortunately, one government is clued in: the Dutch grok the risks inherent in government-mandated backdoors and are willing to support better encryption.

‘Netflix and chill’ in a new Volvo
I’ve never been offered a compelling case for self-driving cars. Every excuse offered — like greater fuel efficiency and reduced traffic jams — only make greater arguments for more and better public transportation.

The latest excuse: watching streaming video while not-driving is Volvo’s rationalization for developing automotive artificial intelligence.

I’m not alone in my skepticism. I suspect Isaac Asimov is rolling in his grave.

US Govt sues pollution-cheater VW — while GOP Congress seeks bailout for VW
WHAT?! Is this nuts or what? A foreign car company deliberately broke U.S. laws, damaging the environment while lying to consumers and eating into U.S.-made automotive market share. The Environmental Protection Agency filed suit against Volkswagen for its use of illegal emissions control defeat systems. The violation of consumers’ trust has yet to be addressed.

Thank goodness for the GOP-led House, which stands ready to offer a freaking bailout to a lying, cheating foreign carmaker which screwed the American public. Yeah, that’ll fix everything.

Remember conservatives whining about bailing out General Motors during 2008’s financial crisis? All of them really need a job working for VW.

Massive data breach affecting 191 million voters — and nobody wants to own up to the database problem
An infosec researcher disclosed last week a database containing records on 191 million voters was exposed. You probably heard about this already and shrugged, because data breaches happen almost daily now. No big deal, right?

Except that 191 million voters is more than the number of people who cast a vote in 2012 or even 2008 presidential elections. This database must represent more than a couple election cycles of voter data because of its size — and nobody’s responding appropriately to the magnitude of the problem.

Nobody’s owning up to the database or the problem, either.

Here’s a novel idea: perhaps Congress, instead of bailing out lying, cheating foreign automakers, ought to spend their time investigating violations of voters’ data — those folks that put them in office?

Any member of Congress not concerned about this breach should also avoid bitching about voter fraud, because hypocrisy. Ditto the DNC and the Hillary Clinton campaign.

Whew, there it is, another mark on the 2016 resolution checklist. Have you checked anything off your list yet? Fess up.

Sony Pictures Postmortem Reveals Death by Stupid

FORTUNE_SonyHack-GovtAV_25JUN2015We already knew Sony Pictures Entertainment’s (SPE) hack was bad. We knew that the parent, Sony Group, had been exposed to cyber attacks of all kinds for years across its subsidiaries, and slow to effect real changes to prevent future attacks.

And we knew both Sony Group and SPE shot themselves in the feet, literally asking for trouble by way of bad decisions. Sony Electronics’ 2005 copy protection rootkit scandal and SPE’s utter lack of disregard for geopolitics opened the businesses to risk.

But FORTUNE magazine’s expose about the hacking of SPE — of which only two of three parts have yet been published — reveals a floundering conglomerate unable to do anything but flail ineffectively.

It’s impossible to imagine any Fortune 500 corporation willing to tolerate working with 1990s technology for any length of time, let alone one which had no fail-over redundancies or backup strategies, no emergency business continuity plan to which they could revert in the event of a catastrophe. But FORTUNE reports SPE had been reduced to using fax machines to distribute information, in large part because many of its computers had been completely wiped by malware used in the attack.

Pause here and imagine what you would do (or perhaps, have done) if your computer was completely wiped, taking even the BIOS. What would you do to get back in business? You’ve given more thought about this continuity challenge than it appears most of SPE’s management invested prior to last November’s hack, based on reporting to date.

A mind-boggling part of FORTUNE’s expose is the U.S. government’s reaction to SPE’s hack. The graphic above offers the biggest guffaw, a quote by the FBI’s then-assistant director of its cyber division. Knowing what we know now about the Office of Personnel Management hack, the U.S. government is a less-than-credible expert on hacking prevention. While the U.S. government maintains North Korea was responsible, it’s hard to take them seriously when they’ve failed so egregiously to protect their own turf. Continue reading

Sony, Hacked: It’s Not One Massive Breach – It’s More Than 50 Breaches in 15 Years

Cybersecurity_MerrillCollegeofJournalismEver try to follow an evolving story in which the cascade of trouble grew so big and moved so fast it was like trying to stay ahead of a pyroclastic flow?

That’s what it’s like keeping up with emerging reports about the massive cyber attack on Sony. (Granted, it’s nothing like the torture report, but Hollywood has a way of making the story spin harder when it’s about them.)

The second most ridiculous part of the Sony hack story is the way in which the entertainment industry has studiously avoided criticizing those most responsible for data security.

In late November, when the hacker(s) self-identified as “Guardians of Peace” made threats across Sony Pictures’ computer network before releasing digital film content, members of the entertainment industry were quick to revile pirates they believed were intent on stealing and distributing digital film content.

When reports emerged implicating North Korea as the alleged source of the hack, the industry backpedaled away from their outrage over piracy, mumbling instead about hackers.

The industry’s insiders shifted gears once again it was revealed that Sony’s passwords were in a password-protected file, and the password to this file was ‘password.

At this juncture you’d think Sony’s employees and contractors – whose Social Security numbers, addresses, emails, and other sensitive information had been exposed – would demand a corporate-wide purge of IT department and Sony executives.

You’d think that anyone affiliated with Sony, whose past and future business dealings might also be exposed would similarly demand expulsion of the incompetents who couldn’t find OPSEC if it was tattooed on their asses. Or perhaps investors and analysts would descend upon the corporation with pitchforks and torches, demanding heads on pikes because of teh stoopid.

Nope.

Instead the industry has been tsk-tsking about the massive breach, all the while rummaging through the equivalent of Sony Pictures’ wide-open lingerie drawer, looking for industry intelligence. Reporting by entertainment industry news outlets has focused almost solely on the content of emails between executives.

But the first most ridiculous part of this massive assault on Sony is that Sony has been hacked more than 50 times in the last 15 years.

Yes. That’s More Than Fifty.

Inside Fifteen Years. Continue reading

Why So Surprised? CIA, U.S. Military Knew Chinese Hackers Expected Since 1999

Cover, Unrestricted Warfare via Wikimedia

Cover, Unrestricted Warfare via Wikimedia

The breathless reporting about the alleged Chinese hacking at The New York Times is truly annoying because of the shock it displays. The surprise any major government or private corporate entity shows at this point about any network-based security breach that appears to originate from China should be treated as propaganda, or a display of gross ignorance.

In 1999, the CIA’s Foreign Broadcast Information Service published a white paper entitled Unrestricted Warfare, written by the PRC’s Col. Qiao Liang and Col. Wang Xiansui. The publication outlined the methodologies a nation-state could deploy as part of an asymmetric war. Further, the same work outlined the U.S.’s weaknesses at that time were it to confront such asymmetric warfare. It did not focus any other nation-state, just the U.S.*

The colonels acknowledged that the U.S.—at the time of the paper—had considered using a range of tools in response to conflicts:

“…There’s no getting around the opinions of the Americans when it comes to discussing what means and methods will be used to fight future wars. This is not simply because the U.S. is the latest lord of the mountain in the world. It is more because the opinions of the Americans on this question really are superior compared to the prevailing opinions among the military people of other nations. The Americans have summed up the four main forms that warfighting will take in the future as: 1) Information warfare; 2) Precision warfare [see Endnote 8]; 3) Joint operations [see Endnote 9]; and 4) Military operations other than war (MOOTW) [see Endnote 10]. This last sentence is a mouthful. From this sentence alone we can see the highly imaginative, and yet highly practical, approach of the Americans, and we can also gain a sound understanding of the warfare of the future as seen through the eyes of the Americans. Aside from joint operations, which evolved from traditional cooperative operations and coordinated operations, and even Air- Land operations, the other three of the four forms of warfighting can all be considered products of new military thinking. General Gordon R. Sullivan, the former Chief of Staff of the U.S. Army, maintained that information warfare will be the basic form of warfighting in future warfare. For this reason, he set up the best digitized force in the U.S. military, and in the world. Moreover, he proposed the concept of precision warfare, based on the perception that “there will be an overall swing towards information processing and stealthy long-range attacks as the main foundations of future warfare.” For the Americans, the advent of new, high-tech weaponry, such as precision-guided weapons, the Global Positioning System (GPS), C4I systems and stealth airplanes, will possibly allow soldiers to dispense with the nightmare of attrition warfare. …”

The rise of military tools like drones for precision-guided stealth attacks was predicted; quite honestly, the PRC’s current cyber warfare could be a pointed response to Gen. Sullivan’s statement about information warfare.

But in acknowledging the U.S.’s future use of MOOTW, the colonels also offered up the most likely approaches in an asymmetric assault or response: trade war, financial war, new terror war in contrast to traditional terror war, ecological war. Of these, they cited a specific example of new terror war entity and attacks: Continue reading

Emptywheel Twitterverse
It seems that widget parameters haven't been configured properly. Please make sure that you are using a valid twitter username or query, and that you have inserted the correct authentication keys. Detailed instructions are written on the widget settings page.
May 2016
S M T W T F S
« Apr    
1234567
891011121314
15161718192021
22232425262728
293031