Tuesday Morning: Flip Off

Flip off a few caps; Death came for a few more well-loved artists. Rest well, Glenn Frey, Dale Griffin, Dallas Taylor. Gonna’ be one heck of a band on the other side. [Edit: Mic Gillette, too? Stop already, Grim Reaper, check your targeting.]

Hope the cull is done because obituaries are not my thing. Hard to type and sniffle copiously at the same time.

GM Opel dealers may be altering emissions control software on Zafira diesel cars
Great, just great. Like GM didn’t have enough on its plate with the ignition switch debacle. A Belgian news outlet reports GM Opel dealers have been changing the software on the 2014 Zafira 1.6l diesel engine passenger vehicles in what looks like a soft recall. This comes on the heels of an EU-mandated recall of Zafira B models due to fires caused by bad electronics repairs. Sorry, I don’t speak Dutch, can’t make out everything in this video report. What little I can see and read doesn’t look good. Wouldn’t be surprised if the EU puts the hurt on GM Opel diesel sales until all are fixed to meet EU emissions regulations. Should also note that a different electronics manufacturer may be involved; images online of ECUs for late model Zafiras appear to be made by Siemens — unlike Volkswagen’s passenger diesel ECUs, which are made by Bosch.

Texas manufacturer swindled out of cash by fraudulent email request, sues cyber insurer
AFGlobal, based in Houston, lost $480,000 in May 2014 after staff wired funds based on orders in emails faked by crooks overseas. The manufacturing company had a cyber insurance policy with a subsidiary of the Chubb Group, and filed a claim against it. The claim was denied and AFGlobal filed suit. This isn’t the first such loss nor the first such lawsuit. Companies need to create and publish policies documenting procedures for authorizing any online payments, including two-step authentication of identities, and review overall spending authorization processes with an eye on audit trails.

Ukrainian officials say Kiev’s main airport hacked
Hackers who attacked Ukrainian power companies in late December are believed to be responsible for the malware launched on Kiev’s airport servers. There are very few details — okay, none, zero details — about the attack and its affect on airport operations. A military spokesman only said “the malware had been detected early in the airport’s system and no damage had been done,” and that the malware’s point of origin was in Russia. Among the details missing are the date the attack was discovered and how it was detected as well as the means of removal.

Hold this thought: FBI still looking for info on cable cuts, with eye to Super Bowl link
Remember the post last summer about the 11 communications cable cuts in the greater San Francisco Bay Area near Silicon Valley? This is a hot issue again, given the impending Super Bowl 50 to be held at Levi’s Stadium in Santa Clara. But reports now mention 15 or 16 cuts, not 11 — have there been more since last summer, or were there more not included in the FBI’s request for information? I’ll do some digging and post about this in the near term.

All right, carry on, and don’t drink all the añejo at once.

image_print
29 replies
  1. bloopie2 says:

    That cyberfraud thing kills me. Isn’t it just garden variety stupidity? Like falling for the Nigeria scam? I wonder what kind of previous boss-employee relationship the CEO and the subordinate had, that would cause the subordinate to think nothing of an e-mailed request for a sum large enough that insurance is implicated. Where are the standard internal controls that any organization must have, regardless of whether the money flows online or via paper check? And I agree with Chubb – the email is not a forged financial instrument. Sheesh. I wonder if either of the two has been fired.

  2. bloopie2 says:

    “FBI still looking for info on cable cuts, with eye to Super Bowl link. … I’ll do some digging … .” What, 16 cuts isn’t enough digging?
    .
    Actually I’m curious. Who would make money from cutting cables thereby to disrupt a Super Bowl broadcast? Or are they concerned that someone has tapped into the cables in order to enable a man in the middle attack on a billion viewers? I can see it now – subliminal messages – Buy a Chevy – Adopt a Rescue Dog – Kill the Heathens (you pick the religion) – Vote for Me – Subscribe to emptywheel – Send Money. So many possibilities.

    • Bill Michtom says:

      ‘Buy a Chevy – Adopt a Rescue Dog – Kill the Heathens (you pick the religion) – Vote for Me – Subscribe to emptywheel – Send Money”

      I have no problem with the fifth one.

  3. lefty665 says:

    Still think it was the car mfrs that screwed with the ECU software. That makes it supplier independent. Doesn’t mean the suppliers are innocents, just that the car makers are the real bad guys. Won’t be surprising if we find that other mfrs figured out what VW was doing and copycatted.
    .
    Fiber is hard to tap, NSA had to install sophisticated equipment at AT&T switches to get in. It’s not a simple hack.

    • bloopie2 says:

      So, a knowledgeable fiber repair person with her truck and equipment, couldn’t tap the cable? That would be a real “sleeper” — foreign agents get jobs as fiber repair people, then some years later are tasked to “start digging”. Maybe Rayne is one of them, with her “I’ll do some digging”. Come to think of it, I wonder how many such sleepers there might be in all of our municipal infrastructure providers. Can you imagine if, on an order from Central Command, they could take down several large cities’ water systems, or cable/internet systems? Yikes. Who needs hackers?

      • lefty665 says:

        With the abysmal operational security our public utilities apparently relish nobody needs to invest in planting and nurturing maintenance people “sleepers”. Straight up hacking is a hell of a lot easier, cheaper and can be done from anywhere in the world, often apparently from the comforts of home.
        .
        Hacking fiber is hard, it’s a lot harder than phishing for passwords. But, if someone wants to do it there’s no need to dig. Fiber light attenuates and needs to be periodically amplified. The cables come up above ground at “concentrators” to refresh the light and send it on its way. Those often have copper switches hung off them that provide puddles of POTS and DSL to local customers. Even if someone succeeded at getting in at the hardware level, making it undetectable is not trivial. Long ago NSA started installing fiber in D.C. precisely because it was hard to tap and breaches were relatively easy to find.

  4. haarmeyer says:

    Rayne, would you mind making a small update to your opening, please? Mic Gillette of Tower of Power has passed away as well.

  5. wayoutwest says:

    I don’t know if this has any connection to the fiber hacking in the Bay area but more than a dozen members of Deep Green Resistance including leadership have been harassed by FBI and Homeland Security agents recently even though the DGR activists are part of the aboveground legal resistance not the underground sabotage and disruption wing of the movement.

    The questioning seemed to be the usual probing and offers of rewards for assistance but the DGR members practiced their security culture training and refused to even talk with the agents knowing that anything said to an agent can be used against them.

    There was no mention of the Bay area fiber cable cutting actions in the underground message board at DGR but that could just be more security culture. It is interesting that the Feds seem to have no leads or suspects in these multiple and continuing underground actions.

  6. lefty665 says:

    That’s neat, thank you orion.
    .
    I agree bloopie2, seems likely there’s more to cable cutting than just because it’s there. Same with assaults on power sub-stations.

    • P J Evans says:

      I think that judge is wrong. No hospital open to the public should be putting religious beliefs ahead of actual medical care. (Certainly no hospital receiving public funding should be doing that.) A lot of people don’t realize how much of the healthcare system is in the hands of the Catholic bishops.

      • orionATL says:

        yeah. for some years now the american catholic church has been buying up for sale or failing rural hospitals for the express purpose of imposing their religious standards for women on the hospitals female patients.

        the precise analogy is a diner in 1963 refusing service to black customers.

        • Rayne says:

          orionATL + PJ Evans — I think this particular case has an economic argument as well. Not only might this Catholic hospital receive federal dollars, but it may have an oligopoly on health in the area, and therefore cannot discriminate providing health services. If this woman needed a life-saving abortion for a ruptured ectopic pregancy — a completely unviable pregnancy — would they refuse to treat her because it was an abortion? How can they say a tubal ligation might not prevent such a thing for a patient?

          Ugh. We need gender equity on the court and stat. Ditto in Congress. So frigging tired of white men telling all women what they may do with their bodies when white men do not face the mortal threats women face, will NEVER face expectation of maternal mortality due to pregnancy.

          • orionATL says:

            i haven’t re-read the wrticle as i should have, but 70 miles is my recollection. 70 miles for the woman AND her doctor to travel to another hospital to get her tubes tied.

            this is the same abuse of first ammend religous freedom right as a pharmicist refusing to give a customer a prescription, a business refusing to pay insurance for an employee’s birth contol medicine, or a court clerk refusing to give same-sex couples a CIVIL marriage license.

          • P J Evans says:

            I believe her doctor recommended the tubal for medical reasons, and it’s easier to do when she’s in the hospital after delivering. (The whole oh-we-can’t-do-this-because-babies is crap: she has kids already.)

            There are times I wish the RC hierarchy would get itself fucked and pregnant so they’d have a shot at understanding women’s view of the universe.

        • P J Evans says:

          Not just rural hospitals. Urban ones, too. My choice, here in the San Fernando Valley, is pretty much Catholic or Kaiser.

  7. Rayne says:

    Jeepers, you white dudes of a certain age better eat more veggies, less meat, and hit the treadmill. Especially if you’re an artist. Ugh. (I added Gillette, haarmeyer — a heart attack? ~sigh~)

    bloopie2 (9:01) — CEO is gone, accountant is still there. What’s that tell you? Entire situation could have been prevented by two-level authorization with physical signatures on any spending above a certain dollar amount. Think $25K was the threshold at a Fortune 100 company for which I worked; more than that in one purchase required a not-to-exceeed budget established the previous year, or board approval. Stupid simple non-cyber accountability.

    orionATL (11:47) — thanks for that, I’d gone looking this morning as skies were clear. Think I saw four of them. This post at ScienceAlert helped a lot, will be helpful with moon phases. Hoping tomorrow morning is clear, too.

    wayoutwest (11:56) — yeah, yeah, yeah, you were on about the possibility of eco-terrorists when I posted about the cable cuts last July. Do you have any substantive information to back up your theory at all? Because there’s still very little to suggest that eco groups, who rely heavily on the internet to organize, are the most likely cable cutting candidates. And if eco groups are all about saving the environment, why aren’t they hacking/cutting cable to transportation-related firms like automakers and trucking firms? Next time you bring this up, bring something solid about this theory.

    orionATL (1:09) — really need an organized push to get religion out of healthcare. I think the current Pope would understand this; it’s the bloody American Catholic bishops who are the really festering problem. And this SCOTUS will not help at all, must elect a Senate who’ll seat more women before this case ends up before the SCOTUS.

    • orionATL says:

      pope fancis would indeed (does, i’m confident) understand the gravity of denying women both the means to control their fertility and to enjoy sex. the american right wing does not.

    • lefty665 says:

      You mean that drugs, sex and rock n’ roll aren’t the answer to everything? Jagger and Richards have survived into their 90’s from the looks if them.

      • Rayne says:

        lefty665 — Oh, I’m sure that sex, drugs, and rock-and-roll are answers of some kind, but I am reminded of the words of two sage men on this matter:

        “I hate to advocate drugs, alcohol, violence, or insanity to anyone, but they’ve always worked for me.” — Hunter S. Thompson

        “Let me tell you what really happened. Every night before I go to bed, I have milk and cookies. One night I mixed some low-fat milk and some pasteurized, then I dipped my cookie in and the shit blew up.” — Richard Pryor

        Somewhere, between these two positions, is the truth for any of us. I should point out both of these men are dead ahead of their time.

        • lefty665 says:

          Hunter Thompson’s “Fear and Loathing in Las Vegas” the recipe book for a life lived in overdrive. I miss both those guys and George Carlin too. Among them, plus John Belushi and Gram Parsons, there may be a complete inventory of every illicit substance known to man along with a pretty good catalog of their hazards.

    • wayoutwest says:

      It’s telling that you use the Right Wing fear term ‘ecoterrorist’ to describe Monkeywrenching and then proceed to demand something ‘solid’ to back up my comments. If I had something ‘solid’ I wouldn’t rat on these people by printing it anywhere so I’m just as clueless as the FBI and Homeland Security about who did these 16 successful infrastructure attacks. I don’t recall any demands for solid evidence for the far fetched Cloak and Dagger, foreign intrigue theories in your earlier post.

      I did supply some interesting circumstantial evidence about who the Feds may be interested in connected to these attacks and the timing of their interest. Instead of speculating about what and why the underground resistance promotes these activities you might read what they have to say about their goals and tactics at the aboveground DGR.

      • Rayne says:

        wayoutwest — You’ve suggested multiple times now that I look into ecological activist entities as possible suspects for the cable cuts. By definition, you’re suggesting “eco-terrorists” at work. What’s it going to be here, either they are or they aren’t terrorists with an affinity for ecological issues?

        At the same time, you don’t offer any concrete evidence eco groups are involved. There are so many possible candidates given the facts available so far, why are “eco-terrorists” more likely? I’m not going to entertain this line of inquiry until I see something more concrete to support this claim. I’ve looked at the evidence we do have — the location of the cuts, the FBI’s ask, other past events of similar nature — and there’s nothing to indicate terrorists of any kind yet, EXCEPT for timing of events, methods required, and location, none of which point explicitly to “eco-terrorists.”

        And fuck no, I am not going to their website(s) to check out their manifestos or operations, what have you, any more than I’m going to check out Taliban or ISIS or White Nationalists’ websites to check theirs — and they are far more likely suspects. Cheezits, even Central and South American petro/narco cartels are more likely.

  8. orionATL says:

    refusal of services on religious grounds as a first amendment violation:

    the first amendment as it relates to religious freedom – “congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof;…. ”

    in recent times rightwing religious groups have begun to abuse the religious freedom insured by the first amemdment.  a court clerk in kentucky declared herself free of obligation to issue civil marriage licenses to same-sex couples. a corporation declared itself free of obligation to pay health insurance for an employee’s birth control tablets.  pharmacists have insisted they cannot be required to sell birth control medication if doing so contravenes their religion.  in the case just cited above,  a hospital  refused to perform tubal ligation on a woman after child birth,  a common and very effective means of birth control. 

    the constitutional ban on congress declaring a particular religion the state religion had its roots in english history very familiar to those who wrote it.  in britain there was the church of england legally aligned with and obligated to the crown. there was a history of religious persecution by crown and church.  the americans wanted no part of any particular religious group being perpetually favored by their government, not the least reason was practical political reasons; there were numerous religious groups practicing in the u. s.  in the late 1770’s. new england had been settled by persons persecuted in england for their religion. maryland had a catholic religious foundation.  quakers were dissenters from crown policies that seemed perpetually to lead to war. 

    the relationship between a government and a legally affiliated religion is,  practically and politically,  a very useful two way street. the church can help the crown with its political enemies and the crown can assure thru law and force that the church’s doctrine is unchallenged,  that non-belivers must adhere to church doctrine or suffer, and that competitors to the established church do not thrive (an important economic matter). 

    if congress may not establish a religion as the state religion or prohibit the free exercise of religious preference,  that implies, as above,  a two-way street. the state may not display favoritism to one religious group above another,  BUT also,  no religious group may use the rules or institutions or power of the state to impose its will on those citizens who do not accept that church’s tenents. this is a “reciprocity principal”  that should govern any  dispute like those i alluded to in the beginning paragraph. 

    a catholic hospital may not use the protection the catholic church is promised by the constitution,  that of no law being passed that would treat it as subordinate to a state-sponsored church,  and then turn around and use the powers of the state to hold subordinate to its own religious rules a patient who does not accept those rules or dogma. 

    the reciprosity principal implied by the first amendment does not just free all religions from competition with a state-sponsored religion; it also requires that all  religions not use the instruments of state power executive and judicial,  as well as legislative entites, against any non-member.  

    this argument is particularly relevant to the anti-abortion movement,  say in texas. 

    the anti-abortion movement is a religious  movement.  its proponents,  leaders,  and adherents overwhelmingly represent certain religious sects many of which are fundamentalist.   these sects push legislators and state officials to use the powers of the state to impose their religious views on abortion onto citizens who are not members of those sects. they use the legislature to insure that the powers of the state make access to abortion difficult,  impossiblle,  or susceptible to legal punishment. as the crown and the church of england traded favors for each other, so some religious leaders and lnumbers of legislators in some states trade favors for election and for prohibition or de facto favored-religion sataus.

    this argument is different and more direct than the traditional privacy argument. 

  9. orionATL says:

    ““Let me tell you what really happened. Every night before I go to bed, I have milk and cookies. One night I mixed some low-fat milk and some pasteurized, then I dipped my cookie in and the shit blew up.” — Richard Pryor”

    now that is one hell of a sense of humor after what he’d been thru.

  10. lefty665 says:

    Hey Rayne, Pretty good Wall Street Journal article today (1/19) “Bugs in WI-FI hookups cripple web security. Most home routers are using firmware from 2002 that is vulnerable to the misfortune cookie bug, among others. Bunch of router mfrs, including some very familiar names, ought to be strung up by the thumbs. Might be fodder for your postings.

    • Rayne says:

      lefty665 — Thanks for that. Probably won’t cover it due to the volume of stuff in my stream, but I’ll try to squeeze in somewhere soon a note that users should check their firmware on all devices regularly. And clearly some network equipment should be replaced.

Comments are closed.