Thursday Morning: Taboo You
Still on spring break around here. If I was legit on a road trip some place warm right now, you’d find me lounging in the sun, sipping fruity cocktails at all hours, listening to some cheesy exotica like this Arthur Lyman piece I’ve shared here.
Though horribly appropriative and colonialist, it’s hard not to like exotica for its in-your-face corniness. I think my favorite remains Martin Denny’s Quiet Village. It brings back memories from the early 1960s, when life was pretty simple.
Let’s have a mai tai for breakfast and get on with our day.
Urgent: Increasing number of hospitals held ransom
Last month it was just one hospital — Hollywood Presbyterian Medical Center paid out bitcoin ransom.
Last week it was three — two Prime Healthcare Management hospitals in California and a Methodist Hospital in Kentucky held hostage.
Now, an entire chain of hospitals has been attacked by ransomware, this time affecting the servers of 10 related facilities in Maryland and Washington DC. The FBI is involved in the case. Is this simple extortion or terrorism? The patients diverted from the facilities to other hospitals’ emergency rooms probably don’t care which it is — this latest attack interfered with getting care as quickly as possible. Let’s hope none of the diverted patients, or those already admitted into the MedStar Union Memorial Hospital chain, have been directly injured by ransomware’s impact on the system.
The MedStar case spawns many questions:
- Was any patient’s physical health care negatively affected by the ransomware attack?
- Given the risks to human health, why aren’t hospitals better prepared against ransomware?
- Have hospitals across the country treated ransomware as a potential HIPAA violation?
- Was MedStar targeted because of its proximity to Washington DC?
- Was Hollywood Presbyterian Medical Center targeted because its owner, CHA Medical Center, is South Korean?
- Were any patients being treated at MedStar also affected by the OPM data breach, or other health insurance data breaches?
- How much will ransomware affect U.S. healthcare costs this year and next?
Bet you can think of a couple more questions, too, maybe more than a couple after reading this:
Hospitals are considered critical infrastructure, but unless patient data is impacted there is no requirement to disclose such hackings even if operations are disrupted.
Computer security of the hospital industry is generally regarded as poor, and the federal Health and Human Services Department regularly publishes a list of health care providers that have been hacked with patient information stolen. The agency said Monday it was aware of the MedStar incident.
Apple iPhone cases emerge
After the San Bernardino #AppleVsFBI case, more law enforcement investigations relying on iPhones are surfacing in the media.
- L.A. police crack open iPhone with fingerprints obtained under warrant (Forbes);
- FBI will assist county prosecutor in Arkansas with iPhone belonging to alleged teen killer (Los Angeles Times); the method may be the same hack used on the San Bernardino phone, which was supposed to be a one-off (Network World);
- ACLU found 63 other cases in which FBI used All Writs Act to obtain iPhone/Android smartphone data from Apple and Google (The Register).
Stupid stuff
- In spite of screwing up not once but twice by releasing its racist, obnoxious Tay AI chatbot, Microsoft tripled down on a future full of chatbots you can build yourself with their tools. (Ars Technica) — Ugh. The stupid…
- UK’s Ministry of Defense awarded funding to Massive Analytics for work on “Artificial precognition and decision-making support for persistent surveillance-based tactical support” (Gov.UK) — OMG Precog in warfare. Human-free drone attacks. What could go wrong?
- Rich white guys queue up outside Tesla dealerships for days waiting to pre-order the new Tesla 3 (Vancity Buzz) — Vancouver, Sydney, probably other places I’m too arsed to bother with, because rich white guys.
That’s quite enough. Back to pretending I’m lying under a cerulean sky, baking my tuchis, cold drink in hand.
Help me to understand the various ways of car hacking.
.
1. Ford (like others) has a smartphone app that allows owners to remotely start, lock and unlock their car, and see on a map where it’s located. Does this mean that anyone who has the phone, with the correct passwords thereto, can locate and steal the car? Do they still need a physical key in the ignition switch?
.
2. https://www.youtube.com/watch?v=_GTH1A73xwc shows someone starting a car with an Amazon Echo and an OBD link and no key. Can that be done once the car is unlocked and the door opened–for example, on any old unlocked car sitting around, without needing a particularized phone or fob or whatever?
.
3. I read that folks can intercept my fob transmissions, to open the car. Can that technique start the car, also?
.
4. In any of these cases, once the car is open and the engine is started, can it be driven away without a physical key in the ignition?
.
5. Yikes.
(Lots of) cars stopped using keys in the ignition a while back. They have push buttons to turn them on and off. You still get an emergency key to use to open door locks.
So, once the electronics hacker is “in”, he’s “gone”?
.
The keyless entry system has long been hackable for relatively small sums of money. RF signals from the fobs are quite easy to detect. But before getting too bent out of perspective, consider that this is just another step in the evolution of using some kind of “key” to keep your stuff ‘yours’.
.
However, there are newer problems than that…
.
https://threatpost.com/total-recall-troy-hunt-breaks-down-his-nissan-hack/116497/
.
http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/
.
More steps in the evolutionary process. I leave you to consider this (since Tesla Motors is being discussed):
.
https://www.teslamotors.com/support/android-and-iphone-app
Rich white guys waiting for tesla in Vancouver? Don’t think so. All the rich guys in Vancouver are Chinese.
This isn’t the Tesla S but the cheaper sibling, the Tesla 3. We’ve got folks lined up here in KC for it, who certainly don’t qualify as rich guys.
.
The Tesla 3 has a sticker price of $35,000, which puts it squarely in the middle of the electric car market. It is in the same company as the Chevy Volt and Ford Fusion Energi, slightly above the Nissan Leaf and below the BMW i3 and Mercedes Benz B250e.
.
Note: the price of the Tesla 3 quoted here does not include the psychic cost of knowing that whatever you think of the car itself, you are helping to line Elon Musk’s pockets. For many, that is a steep price indeed.
I ran across this, and it struck me as the epitome of well-designed Transportation: the B-52. Designed over 60 years ago, last one down the assembly line over 50 years ago, and many still flying – with modern technology, to boot. (Aside: How many of us built plastic models of it, using that great-smelling Testor glue?) The following is lifted from the Boeing website.
.
“In August 2014, the B-52 Stratofortress celebrated 60 years in the air. The eight-engine, 390,000-pound (176,901-kilogram) jet was America’s first long-range, swept-wing heavy bomber. It began as an intercontinental, high-altitude nuclear bomber, and its operational capabilities were adapted to meet changing defense needs.
B-52s have been modified for low-level flight, conventional bombing, extended-range flights and transport of improved defensive and offensive equipment — including ballistic and cruise missiles that can be launched hundreds of miles from their targets.
.
“Over the following weekend, in a Dayton hotel room, the team designed a new eight-engine jet bomber, still called the B-52, made a scale model out of balsa wood and prepared a 33-page report. … The first B-52A flew Aug. 5, 1954.
.
“On Oct. 26, 2012, Boeing marked 50 years since it had delivered its last B-52 Stratofortress to the U.S. Air Force. Modern engineering analyses showed the B-52’s expected lifespan extending beyond 2040.
.
Say what you will about war and killing and the military-industrial complex, you still have to admit that someone, somewhere, did this right. And, I bet, all for the price of a handful of those F-35s that have never been able to fly in combat.
Of the questions the MedStar case has spawned that you listed, the one that ought to scare the bejesus out of the whole industry is #2. The media last night had stories about people having various procedures and treatments postponed because of this, and should that postponement have any medical consequences, you can be damn sure the patients or their families will begin to inquire about how this could have happened.
.
If someone dies because of this, there will be lawyers asking some very difficult questions. If those questions end up showing that hospitals were negligent in protecting their computer systems — not just from HIPAA privacy issues, but from ransomware seizure — the hospitals will end up paying large sums of money to those affected patients (or their survivors).
.
And then they’ll have to pay the money to properly protect their computers anyway.
.
Beancounters, take note.
bloopie2 (9:43) — Nuh-uh. You’ll have to find a hacker to walk you through that stuff. Not going to do it here, not in print. Like I need more trouble in my life.
Denis (10:04) — Every picture I’ve seen so far of people waiting for Tesla pre-order at dealership has been a white guy. Maybe Vancouver’s rich Chinese dudes pay a white guy to sit for them. Or they have a driver. ~shrug~
Peterr (10:50) — Pretty sure this hacking stuff is why medical professionals have squashed robotic anaesthesia systems. Can you even imagine? ~shudder~
Peterr (11:03) — I say rich white guys because 1) have only seen white guys waiting in line for days, and 2) rich, because what poor person can afford to sit in a lawn chair for days waiting to pre-order even a $35K car?
Hi Rayne, Hi Marcy! Glad you’re back!
Rayne, if I’m being a pain in the neck…please just tell me to stop!
*
Existing TL:
XX-XXX-2002 — [DATE TBD] Genesee County purchased 326 acres of property with 300 feet of Lake Huron waterfront via auction from Detroit Edison, for $2.7 million **How did this purchase affect the city of Flint’s 2002-2004 financial crisis?
*
I’ve been trying to find a date…, at least a month, for that land purchase…but still no luck.
*
Did you realize that in […] July 2002 Under Michigan’s Public Act 72 of 1990, Flint is placed under an Emergency Financial Manager (EFM) until 2004. Ed Kurtz is appointed Flint EFM [TF Report TL]? Also, I think at some point that year, Darnell Earley was the Mayor?
*
Also, have you seen this? :-)
50 years later: Ghosts of corruption still linger along old path of failed Flint water pipeline; 11/12/12
http://www.mlive.com/news/flint/index.ssf/2012/11/ghosts_of_corruption_still_lin.html
Existing TL:
*
XX-SEP-2011 — (confirm date) City of Flint increase water and sewer rates 35%. Higher water costs due in part to higher-than-expected unmetered water losses. This is the second double-digit rate hike in 2011. The city’s water system once served ~200K residents, now serves half that number and a much smaller manufacturing base.
*
According to http://www.mlive.com/news/flint/index.ssf/2011/08/flint_water_sewer_rates_increa.html
*
“[…] The new rates will show up on water and sewer bills due after Sept. 16, officials said […]”
*
…second increase in the year [one in January], BUT…the first in the FISCAL year! But:
*
[quote] Flint Mayor Dayne Walling said the upcoming increase is also necessary to avoid potential cuts to the city’s general fund — which pays for services like public safety and other departments.[…]
*
According to the article: Although both Flint and Genesee County were receiving water from DWSD at the time, the county did NOT experience such a hike. That’s because:
*
[quote] […] the water bills are still determined by local officials. […] [end quote]
*
…so the council and EM [etc] [not DWSD] are largely to blame for the high rates and huge increases. This article is highly recommended. Later it states:
*
[…] the Michigan Department of Treasury and TYJT refused to comment when MT reached out to see if Walling was at the initial December presentation by TYJT, […]
*
That information is now known. From the TF Report: [The date of that meeting is listed in the TF Report as November 20, NOT December]
*
“[…] In Attendance: [11/20/12] Ed Kurtz; Flint Emergency Financial Manager, City of Flint; Dayne Walling; Mayor, City of Flint; Mike Brown, City of Flint; John O’Brien, Genesee County; Howard Croft, City of Flint; Dwayne “Duffy” Johnson, City of Flint; Brent Wright, City of Flint; Awni Qaqish, TYJT; Dave Guastella, TYJT […]”
Sorry, THIS is the article that’s highly recommended:
*
“Docs reveal Flint’s EM agreed to buy $1M worth of extra water from the KWA — this was never about saving money.”
http://www.metrotimes.com/Blogs/archives/2016/02/27/em-kurtz-agreed-to-spend-over-1m-per-year-more-than-flint-needed-on-water-from-the-kwa-pipeline
Existing TL:
*
23-APR-2012 — EM Michael Brown proposed budget plan includes a 25% average increase in water and sewer rates, with water rates projected to increase 12.5% and sewer 45%. City personnel cuts were also proposed. Water and sewer are the single largest expenditure in the budget. (Proposed budget, PDF) **Did any of the personnel cuts made affect staffing of water and sewer maintenance?
*
wrt: personnel cuts, according to this article:
http://www.freep.com/story/news/local/michigan/flint-water-crisis/2016/03/29/lawmakers-hear-flint-residents-water-crisis/82371004/ 8
*
Glasgow got no response to his 4/14/14 e-mail about not being ready to distribute water and responsibly run the WTP,
*
[quote] […] despite the fact the plant had only 26 employees to treat water for all Flint residents, compared to about 40 employees the plant had in 2005 when it served only as an emergency backup to the Detroit Water and Sewerage Department, which until April of 2014 supplied Flint with water from Lake Huron. […] [end quote]
*
ALSO [!!!!]:
*
[…] [Glasgow] testified he expected corrosion-control chemicals to be used in the treatment process, but the state didn’t require the chemicals. The plant would not have been able to add the phosphates in any case, Glasgow testified, because it didn’t have the necessary equipment and would have had to wait three to six months to order and install it. […]
*
…again, “switching” water sources and changing water treatment is a lot more complicated than “switching” numbers from column to column on a spread sheet, and takes a lot of time and planning. IMO, “switch” is not a useful word in this context.
This is the current “Plan for Optimization of Corrosion Control”
http://www.michigan.gov/documents/flintwater/Plan_for_Optimization_of_Corrosion_Control_514633_7.pdf
*
The last paragraph is about how they are testing Lake Huron water now, in order to be able to distribute KWA water when it is available later this year.
*
[quote] […] Full scale testing of the treatment trains at the Flint Water Treatment Plant will be necessary before any of the treated KWA water can be placed into the distribution system. This evaluation may take anywhere from 2 weeks to 3 months to show that the treatment plan can provide water that meets the necessary stability to be placed into the system. […] [end quote]
Thank you for this information. The article in the free(?) paper is very good too.
This is a very important story, a case study. It is hard to believe any of the politicians responsible will be re-elected…ever. Anywhere. It is almost as hard to believe that anyone in Flint is paying water bills…
You’re welcome! …[I get…a little…obsessed] That article is from the Detroit Free Press [freep]. I agree, very important.
[Rayne, I’m sorry about the double post.]
Existing TL:
*
30-JUN-2013 — EM Ed Kurtz left his role as of the end of fiscal year.
**
New info:
*
6/30/13 Flint EM Kurtz submits “City of Flint Financial & Operating Plan, Third Update” (and EM Kurtz’s closing memorandum) to MI Treasury Dept
*
https://www.cityofflint.com/wp-content/uploads/Reports/City%20of%20Flint%20Update%203%20Financial%20&%20Operating%20Plan%20062813.pdf
*
[…] The City looks forward to a safe, reliable water supply through which water costs can be stabilized for the KWA participants. […] The City is currently exploring its options for water service between May 2014 and the full operation of the KWA pipeline. High consideration is being given to utilizing the Flint River, and/or blending River and DWSD water. The City of Flint is also considering contracting with DWSD to be the back-up water source for the City. […]
**
Testing
I’m feeling quite paranoid that it’s somehow my comments which are causing the problems here. :-{
Not yours – ew said they were having problems with the site (the server, I’d think).
Thanks for that. :-)