Cybersecurity

1 2 3 56

Takedowns of Shadow Brokers Files Affirm Files as Stolen

I’ve been wondering something.

Almost immediately after the Shadow Brokers posted their Equation Group files, GitHub, Reddit, and Tumblr took down the postings of the actual files. In retrospect, it reminded me of the way Wikileaks was booted off PayPal in 2010 for, effectively, publishing files.

So I sent email to the three outlets asking on what basis they were taken down. GitHub offered the clearest reason. In refreshingly clear language, its official statement said,

Per our Terms of Service (section A8), we do not allow the auction or sale of stolen property on GitHub. As such, we have removed the repository in question.

Mind you, A8 prohibits illegal purpose, not the auction of stolen property:

You may not use the Service for any illegal or unauthorized purpose. You must not, in the use of the Service, violate any laws in your jurisdiction (including but not limited to copyright or trademark laws).

Moreover, at least in its Pastebin explanation, Shadow Brokers were ambiguous about how they obtained the files.

How much you pay for enemies cyber weapons? Not malware you find in networks. Both sides, RAT + LP, full state sponsor tool set? We find cyber weapons made by creators of stuxnet, duqu, flame. Kaspersky calls Equation Group. We follow Equation Group traffic. We find Equation Group source range. We hack Equation Group. We find many many Equation Group cyber weapons. You see pictures. We give you some Equation Group files free, you see. This is good proof no? You enjoy!!! You break many things. You find many intrusions. You write many words. But not all, we are auction the best files.

They state they “found” the files, or at least traces of the files, and only say they “hacked” to obtain them to get to the latest stage. If they (in the Russian theory of the files) were “found” on someone’s own system, does that count as “stealing” property?

Tumblr wasn’t quite as clear as GitHub. They said,

Tumblr is a global platform for creativity and self-expression, but we have drawn lines around a few narrowly defined but deeply important categories of content and behavior, as outlined in our Community Guidelines. The account in question was found to be in violation of these policies and was removed.

But it’s not actually clear what part of their user guidelines Shadow Brokers violated. They’ve got a rule against illegal behavior.

I guess the sale of stolen property is itself illegal, but that goes back to the whole issue of Shadow Brokers’ lack of clarity of how they got what they got. Their property specific guidelines require someone to file a notice.

Intellectual property is a tricky issue, so now is as good a time as any to explain some aspects of the process we use for handling copyright and trademark complaints. We respond to notices of alleged copyright infringement as per our Terms of Service and the Digital Millennium Copyright Act; please see our DMCA notification form to file a copyright claim online. Please note that we require a valid DMCA notice before removing content. Parties asserting a trademark infringement claim should identify the allegedly infringing work and the legal basis for their claim, and include the registration and/or application number(s) pertaining to their trademark. Each claim is reviewed by a trained member of our Trust and Safety team.

If we remove material in response to a copyright or trademark claim, the user who posted the allegedly infringing material will be provided with information from the complainant’s notice (like identification of the rightsholder and the allegedly infringed work) so they can determine the basis of the claim.

The tech companies might claim copyright violations here (or perhaps CFAA violations?), but the files came down long before anyone had publicly IDed them as the victims. So the only “owner” here would  be the NSA. Did they call Tumblr AKA Verizon AKA a close intelligence partner of the NSA?

Finally, Shadow Brokers might be in violation of Tumblr’s unauthorized contests.

The guidelines say you can link to whackjob contest (which this is) elsewhere, but you do have to make certain disclosures on Tumblr itself.

One more thing about Tumblr, though. It claims it will give notice to a user before suspending their content.

Finally, there’s Reddit, which blew off my request altogether. Why would they take down Shadow Brokers, given the range of toxic shit they permit to be posted?

They do prohibit illegal content, which they describe as,

Content may violate the law if it includes, but is not limited to:

  • copyright or trademark infringement
  • illegal sexual content

Again, GitHub’s explanation of this as selling stolen property might fit this description more closely than copyright infringement, at least of anyone who would have complained early enough to have gotten the files taken down.

The more interesting thing about Reddit is they claim they’ll go through an escalating series of warning before taking down content, which pretty clearly did not happen here.

We have a variety of ways of enforcing our rules, including, but not limited to

  • Asking you nicely to knock it off
  • Asking you less nicely
  • Temporary or permanent suspension of accounts
  • Removal of privileges from, or adding restrictions to, accounts
  • Adding restrictions to Reddit communities, such as adding NSFW tags or Quarantining
  • Removal of content
  • Banning of Reddit communities

Now, don’t get me wrong. These are dangerous files, and I can understand why social media companies would want to close the barn door on the raging wild horses that once were in their stable.

But underlying it all appears to be a notion of property that I’m a bit troubled by. Even if Shadow Brokers stole these files from NSA servers — something not at all in evidence — they effectively stole NSA’s own tools to break the law. But if these sites are treating the exploits themselves as stolen property, than so would be all the journalism writing about it.

Finally, there’s the question of how these all came down so quickly. Almost as if someone called and reported their property stolen.

The Two Tales of Russia Hacking NYT

Yesterday, CNN posted this “first on CNN” story:

Hackers thought to be working for Russian intelligence have carried out a series of cyber breaches targeting reporters at The New York Times and other US news organizations, according to US officials briefed on the matter.

The intrusions, detected in recent months, are under investigation by the FBI and other US security agencies. Investigators so far believe that Russian intelligence is likely behind the attacks and that Russian hackers are targeting news organizations as part of a broader series of hacks that also have focused on Democratic Party organizations, the officials said.

Here’s what the NYT’s own account of the hacking (attempt) is:

The New York Times’s Moscow bureau was the target of an attempted cyberattack this month. But so far, there is no evidence that the hackers, believed to be Russian, were successful.

“We are constantly monitoring our systems with the latest available intelligence and tools,” said Eileen Murphy, a spokeswoman for The Times. “We have seen no evidence that any of our internal systems, including our systems in the Moscow bureau, have been breached or compromised.”

[snip]

The New York Times’s Moscow bureau was the target of an attempted cyberattack this month. But so far, there is no evidence that the hackers, believed to be Russian, were successful.

“We are constantly monitoring our systems with the latest available intelligence and tools,” said Eileen Murphy, a spokeswoman for The Times. “We have seen no evidence that any of our internal systems, including our systems in the Moscow bureau, have been breached or compromised.”

So CNN tells an alarming story about specific reporters being targeted that fits into a larger narrative, citing both the FBI (in which Evan Perez has very good sources) and “other US security agencies,”  which presumably means the NSA. NYT tells an entirely different story, stating that an attack on its bureau in Russia was targeted unsuccessfully, relying solely on official sources as the FBI. One wonders why the NYT story required Nicole Perloth and David Sanger, and also why David Sanger didn’t cite any of his extensive sources at NSA, where these allegations appear to derive.

It’s quite possible both of these stories are misleading. But they do raise questions about why the spooks want to sensationalize these Russian hacks while NYT chooses to downplay them.

Monday: Build That Wall

Poor Ireland. Poor Inishturk. To be forced to consider the onslaught of refugees fleeing political upheaval should one loud-mouthed, bigoted, multi-bankrupt idiot with bad hair win the U.S. presidency. I’m amused at how the Irish in this short film mirror the U.S. albeit in a more placid way. There are some who are ardently against him, some who’d welcome the business, and the rest cover the spread between the extremes though they lean more to the left than the right.

I find it appalling, though, that Trump would install a sea wall *now* after the golf course development has already been established, rather than do his homework upfront before investing in real estate which relies on natural dune formation. This kind of thoughtlessness is completely absurd, and the disgust evident in this film is well merited.

Keep your volume control handy; hearing Trump blathering may set your teeth on edge. Mute for a moment and continue.

Schtuff happens
I couldn’t pull a cogent theme out of the stuff crossing my desk today. I’m just laying it down — you see if you can make any sense out of it.

  • Ramen can get you killed in private prisons (Guardian) — The federal government may have to do more than simply stop using private prisons for federal criminal incarceration. This report by a doctoral candidate in the University of Arizona’s school of sociology suggests states’ prisons operated by private industry may be violating prisoners’ civil rights by starving them. Ramen noodles have become a hot commodity for this reason. Not exactly a beacon of morality to the rest of the free world when incarcerated citizens must scrap for ramen noodles to make up for caloric shortfalls.
  • World Anti-Doping Agency may have been attacked by same hackers who poked holes in the DNC (Guardian) — “Fancy Bear” allegedly had a fit of pique and defaced Wada after Russian athletes were banned at Rio. This stuff just doesn’t sound the same as the hacking of NSA-front Equation Group.
  • New Mexico nuclear waste accident among most costly to date (Los Angeles Times) — Substitution of an organic kitty litter product for a mineral product two years ago set off a chemical reaction un an underground waste storage area, contaminating 35% of the surrounding space. Projected clean-up costs are $2 billion — roughly the amount spent on Three Mile Island’s meltdown.
  • Build that wall! Americans blown ashore in Canada by high winds (CBC) — Participants riding flotation devices on the St. Clair River in the annual Port Huron Float Down were pushed by high winds into Sarnia, Ontario. About 1,500 Americans had to be rescued and returned to the U.S. by Canadian police, Coast Guard, and Border Service. Just a test to see if Canada’s ready for the influx of refugees should Trump win in November, right?
  • Paternity test reveals a father’s sperm actually made him an uncle (Independent) — Upon discovering a father’s DNA only matched 10% of his child’s DNA, further genetic ancestry revealed the ‘father’ had an unborn twin whose DNA he had absorbed in the womb. His twin’s DNA matched his child’s. This is not the first time paternity testing has revealed chimerism in humans.

Commute-or-lunch-length reads

  • Walmart is a crime magnet (Bloomberg) — Holy crap. Communities should just plain refuse to permit any more Walmarts until they clean up their act. Bloomberg’s piece is a virtual how-to-fix-your-bullshit task list; Walmart has zero excuses.
  • It’s in your body, what version is it running? (Backchannel) — Before the public adopts anymore wearable or implantable medical devices, they should demand open access to the code running inside them. It’s absurd a patient can’t tell if their pacemaker’s code is jacked up.
  • Dirty laundry at Deutsche Bank (The New Yorker) — This you need to read. Parasitic banking behavior comes in many forms — in this case, Deutsche Bank laundered billions.

There, we’re well on our way this week. Catch you tomorrow!

Wealthy Elites and Blowjobs

I haven’t seen this part of the Shadow Broker files get mentioned. The files themselves are addressed to, “!!! Attention government sponsors of cyber warfare and those who profit from it !!!!” with a description of the auction for further files (which most people believe to be fake).

But at the end of the Pastebin file from them, they include this rant.

We have final message for “Wealthy Elites”. We know what is wealthy but what is Elites? Elites is making laws protect self and friends, lie and fuck other peoples. Elites is breaking laws, regular peoples go to jail, life ruin, family ruin, but not Elites. Elites is breaking laws, many peoples know Elites guilty, Elites call top friends at law enforcement and government agencies, offer bribes, make promise future handjobs, (but no blowjobs). Elites top friends announce, no law broken, no crime commit. Reporters (not call journalist) make living say write only nice things about Elites, convince dumb cattle, is just politics, everything is awesome, check out our ads and our prostitutes. Then Elites runs for president. Why run for president when already control country like dictatorship? What this have do with fun Cyber Weapons Auction? We want make sure Wealthy Elite recognizes the danger cyber weapons, this message, our auction, poses to their wealth and control. Let us spell out for Elites. Your wealth and control depends on electronic data. You see what “Equation Group” can do. You see what cryptolockers and stuxnet can do. You see free files we give for free. You see attacks on banks and SWIFT in news. Maybe there is Equation Group version of cryptolocker+stuxnet for banks and financial systems? If Equation Group lose control of cyber weapons, who else lose or find cyber weapons? If electronic data go bye bye where leave Wealthy Elites? Maybe with dumb cattle? “Do you feel in charge?” Wealthy Elites, you send bitcoins, you bid in auction, maybe big advantage for you?

Ostenisbly, the rant serves to warn that if such tools get out, people might target banks and financial systems, specifically mentioning the hacks on SWIFT (not to mention suggesting that if the other claimed files get out someone might target finance).

Along the way it includes a reference to elites having their top friends announcing “no law broken, no crime commit.” And right before it, this: “make promise future handjobs, (but no blowjobs).”

Maybe I’m acutely sensitive to mentions of blowjobs, especially those received by Bill Clinton, for reasons that are obvious to most of you. But the reference to handjobs but no blowjobs in the immediate proximity of getting off of a crime followed closely by a reference to running for President seems like an oblique reference to the Clintons.

If so, it would place this leak more closely in line with the structure of the other leaks targeting Hillary.

That’s in no way dispositive, but the blowjobs references does merit mentioning.

Friday: Smells Like

With the lights out, it’s less dangerous
Here we are now, entertain us
I feel stupid and contagious
Here we are now, entertain us
A mulatto, an Albino
A mosquito, my libido, yeah


— excerpt, Smells Like Teen Spirit by Nirvana

Been a rough week so I’m indulging myself with some double bass — and because it’s Friday, it’s jazz. This is 2009 Thelonious Monk Competition winner Ben Williams whose ‘Teen Spirit’ is both spirited and minimalist. Check out this set with Home and Dawn Of A New Day, the first embued with a hip-hoppy beatmaking rhythm.

More Shadows on the wall
While Marcy has some questions about the recent alleged Shadow Brokers’ hack of NSA-front Equation Group and malware staging servers, I have a different one.

Why is Cisco, a network equipment company whose equipment appears to have been backdoored by the NSA, laying off 20% of its workforce right now? Yeah, yeah, I hear there’s a downturn in networking hardware sales due to Brexit and the Chinese are fierce competitors and businesses are moving from back-end IT to the cloud, but I see other data that says 50-60% of ALL internet traffic flows through Cisco equipment and there are other forecasts anticipating internet traffic growth to double between now and 2020, thanks in part to more video streaming and mobile telecom growth replacing PCs. Sure, software improvements will mediate some of that traffic’s pressure on hardware, but still…there’s got to be both ongoing replacement of aging equipment and upgrades (ex: Southwest Airlines’ router-fail outage), let alone new sales, and moving the cloud only means network equipment is consolidated, not distributed. Speaking of new sales and that internet traffic growth, there must be some anticipation related to increased use of WiFi-enabled Internet of Things stuff (technical term, that — you know, like Philips’ Hue lighting and Google Nest thermostats and Amazon Echo/Alexa-driven services).

Something doesn’t add up. Or maybe something rolls up. I dunno’. There are comments out on the internet suggesting competitor Huawei is hiring — that’s convenient, huh?

AI and Spy

  • Data security firm working on self-tweeting AI (MIT Review) — The software can generate tweets more likely to illicit response from humans than the average phishing/spearphishing attempt. Seems a little strange that a data security company is working on a tool which could make humans and networks less secure, doesn’t it?
  • Toyota sinks a bunch of cash into AI project at U of Michigan (ReadWrite) — $22 million the automaker pledged to development of self-driving cars, stair-climbing wheelchairs and other mobility projects. Toyota has already invested in similar AI development programs at Stanford in Palo Alto, CA and MIT in Cambridge, MA. Funding academic research appears to be a means to avoid a bigger hit to the corporation’s bottom line if the technologies do not yield commercially viable technology.
  • Steganography developed to mask content inside dance music (MIT Review) — Warsaw University of Technology researcher co-opted the rhythm specific to Ibiza trance music genre. The embedded Morse code buried in rhythm could not be audibly detected by casual listeners as long as it did not distort the tempo by more than 2%.

Sci-like-Fi

  • New theory suggests fifth force of nature possible (Los Angeles Times) — The search for a “dark photon” may have led to a new theory explaining the existence and action of dark energy and dark matter, which together make up 95% of the universe. I admit I need to hunt down a better article on this; this one doesn’t make all the pieces snap into place for me. If you’ve seen a better one, please share in comments.
  • Sound wave-based black hole model may show Hawking radiation at work (Scientific American) — Can’t actually create a real black hole in the lab, but a model like this one created by an Israeli scientist using phonons (not photons) may prove Stephen Hawking was right about information leakage from black holes. The work focuses on the actions of quantum-entangled particle pairs which are separated on either side of the event horizon. Beyond adding to our understanding of the universe, how this work will be used isn’t quite clear. But use of quantum entanglement in cryptography is an important and growing field; I wouldn’t be surprised to see this finding shapes cryptographic development.
  • Pregnant women’s immune system response may affect fetus’ neurological system (MedicalXpress via Phys.org) — While an expectant mother’s immune system may prevent a virus from attacking her fetus, the protective process may still affect the fetus long term. Research suggests that some neurological disorders like schizophrenia and autism may be associated with maternal infections pre-birth.

Late adder: Travel Advisory issued for pregnant women to avoid Miami Beach area according to CDC — Five more cases of Zika have been identified and appeared to have originated in the newly identified second Zika zone, this one east of Biscayne Bay in the Miami Beach area. The initial Zika zone was on the west side of Biscayne Bay. The CDC also discouraged pregnant women and their sex partners from traveling to Miami-Dade County as a whole; the county has now had a total of 36 cases of Zika.

In the video in the report linked above, FL Gov. Rick Scott pokes at the White House about additional Zika assistance, but Scott previously reduced spending on mosquito control by 40%. Now he’s ready to pay private firms to tackle mosquito spraying. Way to go, Republican dirtbag. Penny wise, pound foolish, and now it’s somebody else’s job to bat cleanup.

Longread: Stampede at JFK
A firsthand account of the public’s stampede-like reaction to a non-shooting at New York’s JFK International Airport. To paraphrase an old adage, if all you have is a gun, everything looks and sounds like a shooting.

Let go of your fear and let the weekend begin.

Where Are NSA’s Overseers on the Shadow Brokers Release?

As Rayne has been noting, a group calling itself the Shadow Brokers released a set of NSA hacking tools. The release is interesting for what it teaches us about NSA’s hacking and the speculation about who may have released so many tools at once. But I’m just as interested by Congress’ reticence about it.

Within hours of the first Snowden leak, Dianne Feinstein and Mike Rogers had issued statements about the phone dragnet. As far as I’ve seen, Adam Schiff is the only Gang of Four member who has weighed in on this

U.S. Rep. Adam Schiff, the ranking Democrat on the House Intelligence Committee, also spoke with Mary Louise. He said he couldn’t comment on the accuracy of any reports about the leak.

But he said, “If these allegations were true, I’d be very concerned about the impact on the intelligence community. I’d also obviously want to know who the responsible parties were. … If this were a Russian actor — and again, this is multiple ‘ifs’ here — we’d have to ask what is causing this escalation.”

Say, Congressman Schiff. Aren’t you the ranking member of the House Intelligence Committee and couldn’t you hold some hearings to get to the bottom of this?

Meanwhile, both Feinstein (who is the only Gang of Four member not campaigning for reelection right now) and Richard Burr have been weighing in on recent events, but not the Shadow Brokers release.

The Shadow Brokers hack should be something the intelligence “oversight” committees publicly engage with — and on terms that Schiff doesn’t seem to have conceived of. Here’s why:

The embarrassing story that the VEP doesn’t work

Whatever else the release of the tools did (and I expect we’ll learn more as time goes on), it revealed that NSA has been exploiting vulnerabilities in America’s top firewall companies for years — and that whoever released these tools likely knew that, and could exploit that, for the last three years.

That comes against the background of a debate over whether our Vulnerabilities Equities Process works as billed, with EFF saying we need a public discussion today, and former NSA and GCHQ hackers claim we ignorant laypeople can’t adequately assess strategy, even while appearing to presume US strategy should not account for the role of tech exports.

We’re now at a point where the fears raised by a few Snowden documents — that the NSA is making tech companies unwitting (the presumed story, but one that should get more scrutiny) or witting partners in NSA’s spying — have born out. And NSA should be asked — and its oversight committees should be asking — what the decision-making process behind turning a key segment of our economy into the trojan horse of our spooks looks like.

Mind you, I suspect the oversight committees already know a bit about this (and the Gang of Four might even know the extent to which this involves witting partnership, at least from some companies). Which is why we should have public hearings to learn what they know.

Did California’s congressional representatives Dianne Feinstein, Adam Schiff, and Devin Nunes sign off on the exploitation of a bunch of CA tech companies? If they did, did they really think through the potential (and now somewhat realized) impact it would have on those companies and, with it, our economy, and with it the potential follow-on damage to clients of those firewall companies?

The embarrassing story of how NSA’s plumbers lost their toolbox

Then there’s the question of how the NSA came to lose these tools in the first place. While the initial (and still-dominant) presumption about the release is that somehow Russia did this, since then, there have been a lot of stories that feel like disinformation.

First there was David Sanger’s piece wondering about NSA being hacked — based entirely on speculative claims of three security experts (including Edward Snowden) — which nevertheless read like this.

Snowden Snowden Snowden Snowden Snowden Snowden Snowden Snowden Snowden Snowden Snowden

Shortly thereafter, there were a series of stories based on anonymous former NSA people also speculating, which had the effect of denying that those tools would be available external to NSA in one place.

The source, who asked to remain anonymous, said that it’d be much easier for an insider to obtain the data that The Shadow Brokers put online rather than someone else, even Russia, remotely stealing it. He argued that “naming convention of the file directories, as well as some of the scripts in the dump are only accessible internally,” and that “there is no reason” for those files to be on a server someone could hack. He claimed that these sorts of files are on a physically separated network that doesn’t touch the internet; an air-gap. (Motherboard was not able to independently verify this claim, and it’s worth bearing in mind that an air-gap is not an insurmountable obstacle in the world of hacking).

That is this story serves to deny what I and others, including Snowden, think is most likely: that someone at the NSA forgot to pack his hammer and screwdriver in his toolbox and his toolbox in his truck after he “fixed” someone’s kitchen sink or, more accurately, a forward deployment got compromised. Which would be embarrassing because we shouldn’t let forward deployments get compromised before we burn all the interesting toys and documents there. But also, we may find out, we’re not supposed to be that far forward deployed. And if we have been, we sure as heck ought not let those we’re forward deploying against find out.

We may learn more about specific targets that make this more clear, which would seem to be the extra bonus that would make compromising all these tools and alerting the NSA that you had them.

The impact of NSA exploiting American firewall companies should have been the subject of public Intelligence Committee oversight hearings when we learned of Juniper Networks vulnerabilities (with whispered comments about the great deal of damage those vulnerabilities had done to US agencies and companies). Given this release, the urgency of some public accountability — from both those at NSA and those purporting to oversee NSA — is overdue.

Thursday: Creep

Covers are often treated like poor relations in hand-me-downs. It’s not the performer’s own work, how can they possibly do the original justice?

Yeah…and then this. I think it’s an example of an exceptional cover. It’s one of my favorites. There are a number of other fine covers of this same piece — some are sweet, some have better production values, and some are very close to Radiohead’s original recording. But this one has something extra. Carrie Manolakos, a Broadway performer known for her role as Elphaba in Wicked, takes a breath at 2:19 and watch out. Her second album will release next month if you enjoy her work.

In Sickness and Health
Here, read these two stories and compare them:

Leaving you with the actual heds on these articles. How isn’t this simple extortion? You know, like, “Nice national health care system you’ve got there. It’d be a shame if anything happened to it.”

Cry me a river about corporate losses. Last I checked Aetna’s been paying out dividends regularly, which means they still have beaucoup cash.

If only we’d had a debate about offering single payer health care for everyone back in 2009 so we could say Fuck You to these vampiric corporate blackmailers.

Still in Shadow
A timeline of articles, analysis, commentary on the hacking of NSA malware staging servers by Shadow Brokers — no window dressing, just links:

15-AUG-2016 8:48 AM — https://twitter.com/mikko/status/765168232454037504 (Mikko Hypponen–Kaspersky tweeting discovery of Shadow Brokers’ auction of Equation Group code)

16-AUG-2016 7:22 AM — http://cybersecpolitics.blogspot.com/2016/08/why-eqgrp-leak-is-russia.html (Info sec expert Dave Aitel’s assessment on hackers responsible)

16-AUG-2016 7:40 AM — https://twitter.com/Snowden/status/765513662597623808 (Edward Snowden’s tweet thread [NB: don’t be an idiot and click on any other links in that thread])

16-AUG-2016 7:22 PM — https://securelist.com/blog/incidents/75812/the-equation-giveaway/ (time zone unclear)

16-AUG-2016 ?:?? — http://xorcat.net/2016/08/16/equationgroup-tool-leak-extrabacon-demo/

17-AUG-2016 8:05 AM EST — https://motherboard.vice.com/read/what-we-know-about-the-exploits-dumped-in-nsa-linked-shadow-brokers-hack

17-AUG-2016 ?:?? — https://www.cs.uic.edu/~s/musings/equation-group/ (University of Illinois’ Stephen Checkoway’s initial impressions)

17-AUG-2016 7:23 PM EST — https://www.washingtonpost.com/world/national-security/nsas-use-of-software-flaws-to-hack-foreign-targets-posed-risks-to-cybersecurity/2016/08/17/657d837a-6487-11e6-96c0-37533479f3f5_story.html

18-AUG-2016 6:59 AM EST — https://twitter.com/RidT/status/766228082160242688 (Thomas Rid suggests Shadow Brokers’ auction may be “retaliation” — note at this embedded tweet the use of “retaliation” and the embedded, highlighted image in which the words “Panama Papers” appear in red. Make of that what you will.[1])

18-AUG-2016 2:35 PM EST — https://motherboard.vice.com/read/the-shadow-brokers-nsa-leakers-linguistic-analysis (Two linguists suggest Shadow Brokers’ primary language is English distorted to mimic Russian ESL)

You know what this reminds me of? Sony Pictures’ email hacking. Back and forth with Russia-did-it-maybe-not-probably, not unlike the blame game pointing to North Korea in Sony’s case. And the linguistic analysis then suggesting something doesn’t quite fit.

[Today's front pages from USA Today, The New York Times, Wall Street Journal, Los Angeles Times, shared here under Fair Use.]

[Today’s front pages from USA Today, The New York Times, Wall Street Journal, Los Angeles Times, shared here under Fair Use.]

American Refugees
I read in one of my timelines today a complaint by a journalist about Louisiana flooding news coverage. Wish I’d captured the thread at the time; they were put out that the public was unhappy about the media’s reporting — or lack thereof. They noted all the links to articles, videos, photos being shared in social media, noting this content came from journalists.

Except there really is a problem. The embedded image here is the front page of each of the four largest newspapers in the U.S. based on circulation, total combined circulation roughly six million readers. NONE OF THEM have a story on the front page about the flooding in Louisiana, though three of them covered the California Blue Cut Fire. Naturally, one would expect the Los Angeles Times to cover a fire in their own backyard, and they do have a nice photo-dense piece online. But nothing on the front page about flooding.

The Livingston Parish, Louisiana sheriff noted more than 100,000 parish residents had lost everything in the flood. There are only 137,000 total residents in that parish.

Between the +80,000 Blue Cut Fire evacuees and more than 100,000 left temporarily homeless in Louisiana, the U.S. now has more than a couple hundred thousand climate change refugees for which we are utterly unprepared. The weather forecast this week is not good for the Gulf Coast as unusually warm Gulf water continues to pump moisture into the atmosphere. We are so not ready.

Longread: The last really big American flood
Seven Scribes’ Vann R. Newkirk II looks at the last time a long bout of flooding inundated low-lying areas in the south, setting in motion the Great Migration. This is the history lesson we’ve forgotten. We need to prepare for even worse because like the Blue Cut Fire in California and Hurricane Sandy in New Jersey and New York, disaster won’t be confined to a place too easily written off the front page.

One more day. Hope to make it through.
_________
[1] Edited for clarity. Kind of.

Tuesday: One String

There aren’t enough words to describe this genius who can do so much with a lone string. Brushy One String is the stagename of Andrew Chin, son of Jamaican musician Freddie McKay. McKay died in 1986 in his late 30s, leaving behind a body of work representative of the rocksteady (ex: Rock-a-Bye Woman) and reggae genres. While Brushy inherited his father’s musical talent, he’s parlayed into an interesting Rhythm-and-Blues-meets-Roots-Reggae crossover. Check out his website when you have a chance.

Wheels

  • Volkswagen and USDOJ talking about criminal investigation (Deutsche Welle) — Up in the air yet whether DOJ goes with deferred prosecution or asks for a guilty plea from the lawmaker for criminal activity related to the promotion and sale of its so-called “Clean Diesel” passenger vehicles during the last decade. Criminal fines are estimated at $1.2 billion. VW claims to be cooperating, but the company’s failure to disclose the additional cheat software in the 3.0L engines suggests some problems understanding what “good faith” means.
  • Volkswagen’s Australian manager believes diesel fix “imminent” (CarsGuide) — And “Under Australian law, we don’t believe there’s anything on our car which is illegal.” Uh-huh. Hence the fix for 80,000 1.6L and 2.0L passenger diesels. It’s true that Australia is not as strict about NOX as the U.S., but VW’s passenger diesels didn’t meet EU or AUS limits on other pollutants.
  • Ford expects to offer self-driving car without steering wheel within five years (Detroit News) — Well, then. Better hope regulations don’t require a steering wheel, huh? Ford has also invested $75M in LiDAR-maker Velodyne; Chinese search engine company Baidu has likewise made a $75M investment. LiDAR is expected to provide navigational assistance for these self-driving vehicles.

Way Up There

Words

  • Univision’s bid wins Gawker Media (Recode) — Of the two known bidders — Ziff-Davis and Univision — the latter’s $135M bid won bankrupt Gawker Media and its brands. Gawker’s lineup joins The Onion and The Root, purchased by Univision, and Fusion which Univision originally created jointly with Disney and now owns outright. Founder Nick Denton seems pleased with this outcome as his brands and workers continue without disruption; billionaire Pete Thiel gets partial revenge on Denton for outing him by forcing the bankruptcy and sale. Univision’s editorial policy will be less personal in its coverage — probably a good thing. Let’s check back in a year.
  • ‘Not a good fit’ says Barnes & Noble as CEO shown the door (GalleyCat) — Whoa. You don’t see such blunt statements about CEOs, especially one with less than a year under their belt. The company’s stock has been up though retail sales continued to struggle in competition against Amazon. Feels like there’s more to this story. In the mean time, Ron Boire is out the door and executive chairman Leonard Riggio will delay his retirement until a new CEO is found. Hope the next one can salvage NOOK tablet platform because I can’t stand Amazon’s Kindle.
  • Turkish court closes pro-Kurdish newspaper Ozgur Gundem (Business Standard) — Claiming the paper was a propaganda outlet for Kurdistan Workers’ Party (PKK), labeled a terrorist organist organization by Turkey, EU, and the US. The court said the closure was not related to the government’s post-coup purge of media believed to be sympathetic to Gülen movement. An appeal is possible.

I-Spy: Cyber Edition
You’ve probably heard about the alleged hacking of a NSA server and the subsequent attempt to auction contents from that server. Edward Snowden offered his perspective on the situation — I’ve Storify’d the tweet thread for your reading ease.

The disclosure and attempted auction were likely done by Russia for political reasons given the timing. Hacking and accessing the contents of the server should be expected — it’s ordinary spying, same as the U.S. does. But the revelation is a new tack; Snowden suggests it’s a warning to the U.S. about potential future disclosures. Read the thread for yourself.

I don’t think this hacking and disclosure happened in a vacuum. There’s a much bigger game to puzzle out — add the meeting between Russia and Saudi Arabia to “achieve oil market stability” as well as Russia’s express interest in Saudi Arabia’s plans to build as many as 16 nuclear reactors. Factor in a change in relationship between Iran and Russia now that Russia has deployed long-range bombers from Iran for the first time against ISIS. Russia, Saudi Arabia and Iran have some of the largest proven oil reserves in the world, all three in the top 10 and in Saudi’s case, influence over OPEC. Is Russia preparing for asymmetric economic pressure?

Late adder: #BlueCutFire in San Bernadino County, CA is very bad, now 82,000 ordered to evacuate.

That’s it for now, still Tuesday in the next time zone. Let’s see if I can make it over the hump earlier tomorrow.

Monday: Skate Away

Monday means it’s movie day, and I think this charming little documentary fills the bill. Valley Of A Thousand Hills from Jess Colquhoun looks at Zulu youth participating in a skate camp and the impact on their lives. They’re quite optimistic in spite of limited resources and opportunities. The film left the feeling they’re on the verge of a breakthrough — like these kids could really change global culture if they wanted to. They appear more self-aware and energized than most adults I run into of late.

Wrath of Gods kind of weather

Might be time to brush off that copy of J. G. Ballard’s The Drowned World and ponder a post-apocalyptic future under water. We’ve likely passed the 1.5C degree global warming threshold without any sense of urgency to act on climate change which fuels this wave of flooding.

Sigh-ber

  • Hotels across ten states breached (Reuters) — Hey, now you philanderers have an excuse for that bizarre charge to your room at the Starwood, Marriott, Hyatt, or InterContinental hotel for strawberries, whip cream, and a leather flogger during your last business trip. “It’s just a hacker, honey, that’s all, really…” HEI Hotels & Resorts, the operator of the affected hotels, found the malware in its systems handling payment card data. The malware had been present in the system for roughly 18 months while 20,000 transactions were exposed.
  • Google ‘secretly’ developing a new OS (TechnoBuffalo) — A well-known Linux blogger wrote Google references “Pink + Purple == Fuschia (a new Operating System)” in its Git repository. The two colors are believed to refer to Magenta and LK kernels which Google is using to build a wholly new operating system. Magenta does not have a Wikipedia entry at the time of this post but Googlesource has a brief explainer for Magenta and LK. The two kernels serve different purposes but combined they may be able to operate any device whether small Internet of Things single purpose devices or multi-purpose devices like personal computers. This may be the direction Google has chosen to go rather than fully merge its Chrome OS with Android. The new operating system could also resolve some annoying problems with antitrust regulators if Android is cut loose and managed by an open source consortium, perhaps one established by and aligned with the Open Handset Alliance.
  • Banking malware attacks Android users browsing sites using Google AdSense (SecureList) — The thieves pay for a listing on AdSense, put their malicious ad in the system, and it downloads to an Android device whenever the user reads a website featuring the contaminated ad. Yuck. Use your antivirus app regularly on your Android devices as this nasty thing may pick up your financial information.

Longread: Manners matter?
At Aeon.com, Professor Eleanor Dickey of University of Reading-UK discusses the ‘magic word’ and its use in early democratic society, and its decline with the rise of a hierarchical system in the fourth century BCE. Are we a more or less democratic society based on our current level of societal manners?

Catch you tomorrow if the creek doesn’t rise!

Friday: The Immoral Minority

While philosopher Slavoj Žižek isn’t everybody’s cup of quirky tea, he’s got a valid point in this video.

The right-wing has abandoned its claim to be the Moral Majority.

Don’t mistake this as a validation of the Democratic Party here in the U.S.; they are only earning a majority in terms of politics, and in no small part by being the “Not GOP” party. With its leadership cozying up to war criminals, climate denialists and fossil fuel-based polluters, and general denigrators both of human rights and the public commons, they are not the Moral Majority by default.

But an unorganized left in this country rejects the right-wing’s ethical decay implicitly underpinning the Republican Party. The left rejects those values which undermine democracy — misogyny, racism and marginalization of other minorities, the ongoing subversion of individuals’ rights to promote the interests of corporations.

A true Moral Majority won’t support a social contract undermining democracy by limiting life, liberty, and happiness’ pursuit to a narrow few. It’s well past time for the broader left to coalesce into an organized entity based upon the belief that all humans are created equal and deserving a more perfect union.

Zapped by Zika

  • “ZIKA VIRUS | Days since White House funding request: 186 | Funding response from Congress: $0 | Zika cases in US and territories: 8,580” (Tweet, Dan Diamond/Politico)
  • Peter robbed to pay Paul: DHHS pulls money from other projects to fund Zika vaccine research (Reuters) — Lacking new dedicated funding from Congress, U.S. Department of Health and Human Services squeezed out $81 million and spread it into Zika vaccine research, with $34 million of that to the National Institutes of Health and $47 million to the Biomedical Advanced Research and Development Authority (BARDA). The white House had asked for $1.9 billion last fall for Zika, but that amount was pared down by 42%; Republicans then objected to any of the remaining portion going to Planned Parenthood, putting Democrats in a bind. Access to birth control is critically important to preventing Zika’s spread; access to abortion could prevent the birth of severely deformed infants who will live short, utterly miserable, and expensive lives.
  • Arthrogryposis — congenital joint defects — associated with Zika during pregnancy (The BMJ) — Dislocated and or misshaped knees, ankles, elbows, hips appeared in children born with other neurological defects found in Zika-infected fetuses. Further research is necessary to prove both the virus is causal and learn the mechanism by which the virus inflicts this damage in utero. The patients had been tested for other known causes of arthrogryposis — toxoplasmosis, cytomegalovirus, rubella, syphilis, and HIV. All were negative.
  • First infant death due to Zika reported in Texas (KHOU) — The infant’s mother traveled to El Salvador during pregnancy where it is believed she contracted the virus.
  • Zika virus case confirmed in Monroe County, Michigan (Detroit Free Press) — But the method of infection is not clear (what?!). County health and state officials are working toward mosquito surveillance.

Wheels and steals

  • Millions of vehicles made from 1995 on vulnerable to keyless-remote hacking (USENIX) — Researchers at University of Birmingham and Kasper & Oswald GmbH presented a paper at the USENIX 2016 conference, showing more than 20 years’ worth of VW Group vehicles are hackable using inexpensive Arduino-based RF transceiver technology. Alfa Romeo, Chevrolet, Peugeot, Lancia, Opel, Renault, Ford and other makes relying on the Hitag2 access security method are similarly at risk. Researchers also looked at after-market keyless entry remotes for these and other vehicles; the cars for which these worked were also vulnerable. All vehicles tested appear to be those made for the European market, but the research noted the radio frequency differences — 315 MHz band in North America and the 433 MHz or 868 MHz band in Europe — used in remotes. The paper’s research team notified VW in November 2015 of their results; NXP Semiconductor, a manufacturer of Hitag2 remote technology, was also notified. NXP had already informed customers of the vulnerability in 2012 and has already improved device security.
  • Volkswagen suppressed news about keyless remote insecurity since 2013 (Bloomberg) — The same researchers from University of Birmingham and Kasper & Oswald GmbH had originally approached NXP Semiconductor and VW with their work in 2012 and 2013, respectively. VW sued and blocked release of their work; the paper was released this past week at USENIX only “after lengthy negotiations” and the removal of a single sentence which car thieves could use to easily crack the keyless remotes. A number of suspicious automobile thefts over the years may have relied on hacking remotes; will insurance companies look into these thefts and demand recovery from VW?
  • DOE grants Ford $6M for fuel cell research (Detroit Free Press) — Existing fuel cell technology has been too expensive for successful commercialization; the grant will be used to develop cheaper technology competitive with battery and internal combustion engines.

Longread: Geopolitics
FiveBooks.com interviewed former state department official and senior fellow at the Council on Foreign Relations, Jennifer M. Harris, about geopolitics. She discusses the topic and offers five book recommendations about the same. Harris is the co-author of recently released War by Other Means: Geoeconomics and Statecraft. Given her work as U.S. National Intelligence Council staff followed by work on economics under then-Secretary of State Hillary Clinton, this interview might offer a preview to future statecraft.

Friday Jazz
It’s still Friday somewhere according to my clock. Try French performer Zaz, stage name for Isabelle Geffroy. If you like this ditty, preview more of her work on her channel on SoundCloud.

It’s been a hectic week here; next week doesn’t look any better, but I’ll aim to be here on Monday. Have a relaxing weekend!

1 2 3 56