Posts

Three Things: It’s All About the Cable, Mabel. Oh, and the Mooch

If last night’s Twitter timeline was any measure, folks have a LOT to say about premium cable programming let alone the cable television industry. Add the crazy surrounding White House communications and it’s best if I just get out of the way and run like hell.

~ 3 ~

I simply can’t write fast enough or better about the situation than many folks have on Twitter already.

Basta.

~ 2 ~

Crazy amount of chatter about cable networks and M&A. Biggest stories:

Discovery to buy HGTV’s owner Scripps because of Scripps’ audience demographics — heavily weighted toward women.

Charter Communications will not merge with Sprint to expand into cell phone business; it already has a reseller agreement with Verizon.

However, Japan’s Softbank, Sprint’s parent, is interested in buying Charter Communications. This deserves debate in Congress as well as CFIUS review. There’s a reason why Charter isn’t Cable but Communications now; do we want additional foreign ownership of another communications network even if it isn’t fully into the cell phone business (yet)?

Should note here that a beef I have with my GOP representative on regulating cable networks is on this very point. Rep-who-will-not-be-named sent a pro forma response spouting what is probably party line: FTC has always regulated cable, shouldn’t increase regulation by allowing cable to be regulated by FCC.

Except that cable isn’t just a series of tubes distributing entertainment content. It’s also a series of tubes carrying our communications.

Again, do we want to allow foreign ownership of these particular communications tube in addition to existing cell phone network ownership?

~ 1 ~

By now you may have heard HBO’s most popular series, Game of Thrones, may have been affected by a breach of the cable network’s system. Based on conflicting reports, it’s not clear what was stolen from HBO, though unlike other recent hacks HBO itself was attacked and not a content creator/producer. It may sound reminiscent of the Sony Entertainment hack but HBO is nowhere as leaky as Sony.

Will winter still come after this hack? You’ll have to tell me — this isn’t a series I follow.

~ 0 ~

There you have it, your next open thread. Trump-Russia stuff in the last one, please. Everything else here.

Blogger since 2002, political activist since 2003, geek since birth. Opinions informed by mixed-race, multi-ethnic, cis-female condition, further shaped by kind friends of all persuasions. Sci-tech frenemy, wannabe artist, decent cook, determined author, successful troublemaker. Mother of invention and two excessively smart-assed young adult kids. Attended School of Hard Knocks; Rather Unfortunate Smallish Private Business School in Midwest; Affordable Mid-State Community College w/evening classes. Self-employed at Tiny Consulting Business; previously at Large-ish Chemical Company with HQ in Midwest in multiple marginalizing corporate drone roles, and at Rather Big IT Service Provider as a project manager, preceded by a motley assortment of gigs before the gig economy was a thing. Blogging experience includes a personal blog at the original blogs.salon.com, managing editor for a state-based news site, and a stint at Firedoglake before landing here at emptywheel as technology’s less-virginal-but-still-accursed Cassandra.

Minority Report: An Alternative Look at NotPetya

NB: Before reading:

1) Check the byline — this is NotMarcy;

2) Some of this content is speculative;

3) This is a minority report; I’m not on the same paragraph and perhaps not the same page with Marcy.

Tuesday’s ‘Petya/Petna/NotPetya’ malware attacks generated a lot of misleading information and rapid assumptions. Some of the fog can be rightfully blamed on the speed and breadth of infection. Some of it can also be blamed on the combined effect of information security professionals discussing in-flight attacks in full view of the public who make too many assumptions.

There’s also the possibility that some of the confusing information may have been deliberately generated to thwart too-early intervention. If this isn’t criminal hacking but cyber warfare, propaganda should be expected as in all other forms of warfare. Flawed assumptions, too, can be weaponized.

A key assumption worth re-examining is that Ukraine was NotPetya’s primary target rather than collateral damage.

After the malware completed its installation and rebooted an infected machine, a message indicated files had been encrypted and payment could be offered for decryption.

Thousands of dollars were paid $300 at a time in cryptocurrency but a decryption key wouldn’t be forthcoming. Users who tried to pay the ransom found the contact email address hosted by Posteo.net had been terminated. The email service company was unhelpful bordering on outright hostile in its refusal to assist users contacting the email account holder. It looked like a ransom scam gone very wrong.

As Marcy noted in her earlier post on NotPetyna, information security expert Matt Suiche posted that NotPetya was a wiper and not ransomware. The inability of affected users to obtain decryption code suddenly made perfect sense. ‘Encrypted’ files are never going to be opened again.

It’s important to think about the affected persons and organizations and how they likely responded to the infection. If they didn’t already have a policy in place for dealing with ransomware, they may have had impromptu meetings about their approach; they had to buy cryptocurrency, which may have required a crash DIY course in how to acquire it and how to make a payment — scrambling under the assumption they were dealing with ransomware.

It all began sometime after 10:30 UTC/GMT — 11:30 a.m. London (BDT), 1:30 p.m. Kyiv and Moscow local time, even later in points across Russia farther east.

(And 4:30 a.m. EDT — well ahead of the U.S. stock market, early enough for certain morning Twitter users to tweet about the attack before America’s work day began.)

The world’s largest shipping line, Maersk, and Russia’s largest taxpayer and oil producer Rosneft tweeted about the attack less than two hours after it began.

By the end of the normal work day in Ukraine time, staff would only have just begun to deal with the ugly truth that the ransom may have been handed off and no decryption key was coming.

As Marcy noted, June 28th is a public holiday in Ukraine — Constitution Day. I hope IT folks there didn’t have a full backup scheduled to run going into the holiday evening — one that might overwrite a previous full backup.

The infection’s spread rate suggested early on that email was not the only means of transmission, if it had been spread at all by spearfishing. But many information security folks advocated not opening any links in email. A false sense of security may have aided the malware’s dispersion; users may have thought, “I’m not clicking on anything, I can’t get it!” while their local area network was being compromised.

And then it hit them. While affected users sat at their machines reading fake messages displayed by the malware, scrambling to get cryptocurrency for the ransom, NotPetya continued to encrypt files under their noses and spread across business’s local area networks. Here’s where Microsoft’s postmortem is particularly interesting; it not only gives a tick-tock of the malware’s attack on a system, but it lists the file formats encrypted.

Virtually everything a business would use day to day was encrypted, from Office files to maps, website files to emails, zip archives and backups.

Oh, and Oracle files. Remember Oracle pushed a 299 vulnerability mega-patch on April 19, days after ShadowBrokers dumped some NSA tools? Convenient, that; these vulnerabilities were no longer a line of attack except through file encryption.

While information security experts have done a fine job tackling a many-headed hydra ravaging businesses, they made some rather broad assumptions about the reason for the attack. Kaspersky concluded the target was Ukraine since ~60% of infected devices were located there though 30% were located in Russia. But the malware’s aim may not have been the machines or even the businesses affected in Ukraine.

What did those businesses do? What they did required tax application software MEDoc. If the taxes to be calculated were based on business’s profits — (how much did they make) X (tax rate) — they hardly needed tax software. A simple spreadsheet would suffice, or the calculation would be built into accounting software.

No, the businesses affected by the malware pushed at 10:30 GMT via MEDoc update would be those which sold goods or services frequently, on which sales tax would have been required for each transaction.

What happens when a business’s sales can’t be documented? What happens when their purchases can’t be documented, either?

Which brings me to the affected Russian businesses, specifically Rosneft. There’s not much news published in English detailing the impact on Rosneft; we’ve only got Kaspersky’s word that 30% of infections affected Russian machines.

But if Rosneft is the largest public oil company in the world, Russia’s largest taxpayer as Rosneft says on their Twitter profile, it may not take very many infections to wreak considerable damage on the Russian economy. Consider the ratio of one machine invoicing the shipment of entire ocean tanker of oil versus many machines billing heating oil in household-sized quantities.

And if Rosneft oil was bought by Ukraine and resold to the EU, Ukraine’s infected machines would cause a delay of settlements to Russia especially when Rosneft must restore its own machines to make claims on Ukrainian customers.

The other interesting detail in this malware story is that the largest container line in the world, Maersk, was also affected. You may have seen shipping containers on trucks, trains, in shipyards and on ships marked in bold block letters, MAERSK. What you probably haven’t seen is Maersk’s energy transport business.

This includes shipping oil.

It’s not Ukraine’s oil Maersk ships; most of what Ukraine sells is through pipelines running from Russia in the east and mostly toward EU nations in the west.

It’s Russian oil, probably Rosneft’s, shipping overseas. If it’s not in Maersk container vessels, it may be moving through Maersk-run terminal facilities. And if Maersk has no idea what is shipping, where it’s located, when it will arrive, it will have a difficult time settling up with Rosneft.

Maersk also does oil drilling — it’s probably not Ukraine to whom Maersk may lease equipment or contract its services.

Give the potential damage to Russia’s financial interests, it seems odd that Ukraine is perceived as the primary target.

 

NotPetya’s attack didn’t happen in a vacuum, either.

A report in Germany’s Die Welt reported the assassination of Ukraine’s chief of intelligence by car bomb. The explosion happened about the same time that Ukraine’s central bank reported it had been affected by NotPetya — probably a couple hours after 10:30 a.m. GMT.

On Monday, privately-owned Russian conglomerate Sistema had a sizable chunk of assets “arrested” — not seized, but halted from sale or trading — due to a dispute with Rosneft over $2.8 billion dollars. Rosneft claims Sistema owes it money from the acquisition of oil producer Bashneft, owned by Sistema until 2014. Some of the assets seized included part of mobile communications company MTS. It’s likely this court case Rosneft referred to in its first tweet related to NotPetya.

The assassination’s timing makes the cyber attack look more like NotPetya was a Russian offensive, but why would Russia damage its largest sources of income and mess with its cash flow? The lawsuit against Sistema makes Rosneft appear itchy for income — Bashneft had been sold to the state in 2014, then Rosneft bought it from the state last year. Does Rosneft need this cash after the sale (or transfer) of a 19.5% stake worth $10.2 billion last year?

Worth noting here that Qatar’s sovereign wealth fund financed the bulk of the deal; commodities trader Glencore only financed 300 million euros of this transaction. How does the rift between other Middle Eastern oil states and Qatar affect the value of its sovereign wealth fund?

In her previous post, Marcy spitballed about digital sanctions — would they look like NotPetya? I think so. I can’t help recall this bit at the end of the Washington Post’s opus on Russian election interference published last week on June 23:

But Obama also signed the secret finding, officials said, authorizing a new covert program involving the NSA, CIA and U.S. Cyber Command.

[…]

The cyber operation is still in its early stages and involves deploying “implants” in Russian networks deemed “important to the adversary and that would cause them pain and discomfort if they were disrupted,” a former U.S. official said.

The implants were developed by the NSA and designed so that they could be triggered remotely as part of retaliatory cyber-strike in the face of Russian aggression, whether an attack on a power grid or interference in a future presidential race.

I’m sure it’s just a coincidence that NotPetya launched Tuesday this week. This bit reported in Fortune is surely a coincidence, too:

The timing and initial target of the attack, MeDoc, is sure to provoke speculation that an adversary of Ukraine might be to blame. The ransomware hid undetected for five days before being triggered a day before a public Ukrainian holiday that celebrates the nation’s ratification of a new constitution in 1996.

“Last night in Ukraine, the night before Constitution Day, someone pushed the detonate button,” said Craig Williams, head of Cisco’s (CSCO, +1.07%) Talos threat intelligence unit. “That makes this more of a political statement than just a piece of ransomware.” [boldface mine]

Indeed.

Two more things before this post wraps: did anybody notice there has been little discussion about attribution due to characters, keyboards, language construction in NotPetya’s code? Are hackers getting better at producing code without tell-tale hints?

Did the previous attacks based on tools released by the Shadow Brokers have secondary — possibly even primary — purposes apart from disruption and extortion? Were they intended to inoculate enterprise and individual users before a destructive weapon like NotPetya was released? Were there other purposes not obvious to information security professionals?

Blogger since 2002, political activist since 2003, geek since birth. Opinions informed by mixed-race, multi-ethnic, cis-female condition, further shaped by kind friends of all persuasions. Sci-tech frenemy, wannabe artist, decent cook, determined author, successful troublemaker. Mother of invention and two excessively smart-assed young adult kids. Attended School of Hard Knocks; Rather Unfortunate Smallish Private Business School in Midwest; Affordable Mid-State Community College w/evening classes. Self-employed at Tiny Consulting Business; previously at Large-ish Chemical Company with HQ in Midwest in multiple marginalizing corporate drone roles, and at Rather Big IT Service Provider as a project manager, preceded by a motley assortment of gigs before the gig economy was a thing. Blogging experience includes a personal blog at the original blogs.salon.com, managing editor for a state-based news site, and a stint at Firedoglake before landing here at emptywheel as technology’s less-virginal-but-still-accursed Cassandra.

Penetrated: Today’s Senate Intelligence Committee Hearing on Russian Interference in the 2016 U.S. Elections

If you didn’t catch the Senate Intelligence Committee hearing on Russian influence on 2016 U.S. election on live stream, you should try to catch a replay online. I missed the first panel but caught the second when University of Michigan Prof. J. Alex Halderman began his testimony with his opening statement.

The same Halderman who questioned the 2016 election could have been hacked based on his expertise.

The same Halderman who hacked a voting machine to play Pac Man.

When asked if it was possible Russia could change votes, Halderman told the SIC that he and a team of students demonstrated they were able to hack DC’s voting system, change votes, and do so undetected in under 48 hours. Conveniently, Fox News interviewed Halderman last September; Halderman explained the DC hack demonstration at that time (see embedded video); the interview fit well with Trump’s months-long narrative that the election was ‘rigged’.

If you aren’t at least mildly panicked after watching the second panel’s testimony and reading Halderman’s statement, you’re asleep or dead, or you just plain don’t care about the U.S.’ democratic system.

Contrast and compare this Senate hearing to the House Intelligence Committee’s hearing with former DHS Secretary Jeh Johnson as a witness. Johnson sent out numerous messages last year expressing his concerns about election integrity, but after listening to the second Senate panel, Johnson should have been hair-on-fire (it’s figure of speech, go with it). But the Obama administration erred out of some twisted sense of heightened sensibility about appropriateness (which would have been better suited to its policies on drone use and domestic surveillance). The excess of caution feels more like foot dragging when viewed through the lens of time and Johnson’s testimony.

Early in the hearing, Johnson as well as DHS witnesses Jeanette Manfra and Samuel Liles said there was no evidence votes were changed. It’s important to note, though, that Johnson later clarifies in a round about way there was no way to be certain of hacking at that time (about 1:36:00-1:41:00 in hearing). I find it incredibly annoying Johnson didn’t simply defer to information security experts about the possibility there may never be evidence even if there were hacks; it’s simply not within in his skill set or experience then or now to say with absolute certainty based on forensic audit there was no evidence of votes changed. Gathering that evidence never happened because federal and state laws do not provide adequately for standardized full forensic audits before, during, or after an election.

Halderman’s SIC testimony today, in contrast, makes it clear our election system was highly vulnerable in many different ways last November.

Based on the additional testimony of a representative of National Association of State Election Directors, the President-Elect of National Association of Secretaries of State (NASS) & Secretary of State, Executive Director of Illinois State Board of Elections Illinois — whose combined testimony revealed lapses in communication between federal, state, and local government combined with gaps in information security education — the election system remains as vulnerable today as it was last autumn.

Nothing in either of these two hearings changed the fact we’ve been penetrated somewhere between 21 and 39 times. Was it good for you?

Blogger since 2002, political activist since 2003, geek since birth. Opinions informed by mixed-race, multi-ethnic, cis-female condition, further shaped by kind friends of all persuasions. Sci-tech frenemy, wannabe artist, decent cook, determined author, successful troublemaker. Mother of invention and two excessively smart-assed young adult kids. Attended School of Hard Knocks; Rather Unfortunate Smallish Private Business School in Midwest; Affordable Mid-State Community College w/evening classes. Self-employed at Tiny Consulting Business; previously at Large-ish Chemical Company with HQ in Midwest in multiple marginalizing corporate drone roles, and at Rather Big IT Service Provider as a project manager, preceded by a motley assortment of gigs before the gig economy was a thing. Blogging experience includes a personal blog at the original blogs.salon.com, managing editor for a state-based news site, and a stint at Firedoglake before landing here at emptywheel as technology’s less-virginal-but-still-accursed Cassandra.

Monday: A Border Too Far

In this roundup: Turkey, pipelines, and a border not meant to be crossed.

It’s nearly the end of the final Monday of 2016’s General Election campaign season. This shit show is nearly over. Thank every greater power in the universe we made it this far through these cumulative horrors.

Speaking of horrors, this Monday’s movie short is just that — a simple horror film, complete with plenty of bloody gritty gore. Rating on it is mature, not for any adult content but for its violence. The film is about illegal immigrants who want more from life, but it plays with the concepts of alien identity and zombie-ism. Who are the illegals, the aliens, the zombies? What is the nature of the predator and their prey? Does a rational explanation for the existence of the monstrous legitimize the horror they perpetuate in any way?

The logline for this film includes an even shorter tag line: Some borders aren’t meant to be crossed. This is worth meditating on after the horrors we’ve seen this past six months. Immigrants and refugees aren’t the monsters. And women aren’t feeble creatures to be marginalized and counted out.

Should also point out this film’s production team is mostly Latin American. This is the near-future of American storytelling and film. I can’t wait for more.

Tough Turkey
The situation in Turkey is extremely challenging, requiring diplomacy a certain Cheeto-headed candidate is not up to handling and will screw up if he places his own interests ahead of that of the U.S. and the rest of the world.

  • Luxembourg’s foreign minister compares Erdoğan’s purge to Nazi Germany (Deutsche Welle) — Yeah, I can’t argue with this when a political party representing an ethnic minority and a group sharing religious dogma are targeted for removal from jobs, arrest and detention.
  • Op-Ed: Erdoğan targeting critics of all kinds (Guardian) — Yup. Media, judges, teachers, persons of Kurdish heritage or Gulenist religious bent, secularists, you name it. Power consolidation in progress. Democracy, my left foot.
  • HDP boycotts Turkish parliament after the arrest of its leaders (BBC) — Erdoğan claimed the arrested HDP leaders were in cahoot with the PKK, a Kurdish group identified as a terrorist organization. You’ll recall HDP represents much of Turkey’s Kurdish minority. But Erdoğan also said he doesn’t care if the EU calls him a dictator; he said the EU abets terrorism. Sure. Tell the cities of Paris and Brussels that one. Think Erdoğan has been taking notes from Trump.
  • U.S. and Turkish military leaders meet to work out Kurd-led ops against ISIS (Guardian) — Awkward. Turkish military officials were still tetchy about an arrangement in which Kurdish forces would act against ISIS in Raqqa, Syria, about 100 miles east of Aleppo. The People’s Protection Units (YPG) militia — the Kurdish forces — will work in concert with Arab members of Syrian Democratic Forces (SDF) coalition in Raqqa to remove ISIS. Initial blame aimed at the PKK for a car bomb after HDP members were arrested heightened existing tensions between Erdoğan loyalists and the Kurds, though ISIS later took responsibility for the deadly blast. Depending on whose take one reads, the Arab part of SDF will lead the effort versus any Kurdish forces. Turkey attacked YPG forces back in August while YPG and Turkey were both supposed to be routing ISIS.

In the background behind Erdoğan’s moves to consolidate power under the Turkish presidency and the fight to eliminate ISIS from Syria and neighboring territory, there is a struggle for control of oil and gas moving through or by Turkey.

Russia lost considerable revenue after oil prices crashed in 2014. A weak ruble has helped but to replace lost revenue based on oil’s price, Russia has increased output to record levels. Increase supply only reduces price, especially when Saudi Arabia, OPEC producers, and Iran cannot agree upon and implement a production limit. If Russia will not likewise agree to production curbs, oil prices will remain low and Russia’s revenues will continue to flag.

Increasing pipelines for both oil and gas could bolster revenues, however. Russia can literally throttle supply near its end of hydrocarbon pipelines and force buyers in the EU and everywhere in between to pay higher rates — the history of Ukrainian-Russian pipeline disputes demonstrates this strategy. Bypassing Ukraine altogether would help Russia avoid both established rates and conflict there with the west. The opportunities encourage Putin to deal with Erdoğan, renormalizing relations after Turkey shot down a Russian jet last November. Russia and Turkey had met in summer of 2015 to discuss a new gas pipeline; they’ve now met again in August and in October to return to plans for funding the same pipeline.

A previous pipeline ‘war’ between Russia and the west ended in late 2014. This conflict may only have been paused, though. Between Russia’s pressure to sell more hydrocarbons to the EU, threats to pipelines from PKK-attributed terrorism and ISIS warfare near Turkey’s southwestern border, and implications that Erdoğan has been involved in ISIS’ sales of oil to the EU, Erdoğan may be willing to drop pursuit of EU membership to gain more internal control and profit from Russia’s desire for more hydrocarbon revenues. In the middle of all this mess, Erdoğan has expressed a desire to reinstate the death penalty for alleged coup plotters and dissenters — a border too far for EU membership since death penalty is not permitted by EU law.

This situation requires far more diplomatic skill than certain presidential candidates will be able to muster. Certainly not from a candidate who doesn’t know what Aleppo is, and certainly not from a candidate who thinks he is the only solution to every problem.

Cybery miscellany

That’s it for now. I’ll put up an open thread dedicated to all things election in the morning. Brace yourselves.

Blogger since 2002, political activist since 2003, geek since birth. Opinions informed by mixed-race, multi-ethnic, cis-female condition, further shaped by kind friends of all persuasions. Sci-tech frenemy, wannabe artist, decent cook, determined author, successful troublemaker. Mother of invention and two excessively smart-assed young adult kids. Attended School of Hard Knocks; Rather Unfortunate Smallish Private Business School in Midwest; Affordable Mid-State Community College w/evening classes. Self-employed at Tiny Consulting Business; previously at Large-ish Chemical Company with HQ in Midwest in multiple marginalizing corporate drone roles, and at Rather Big IT Service Provider as a project manager, preceded by a motley assortment of gigs before the gig economy was a thing. Blogging experience includes a personal blog at the original blogs.salon.com, managing editor for a state-based news site, and a stint at Firedoglake before landing here at emptywheel as technology’s less-virginal-but-still-accursed Cassandra.

‘Picking on’ Volkswagen: Why Follow Dieselgate?

[photo: macwagen via Flickr]

[photo: macwagen via Flickr]

One of our commenters described my attention to Dieselgate as ‘picking on’ Volkswagen. It’s not as if there haven’t been scandalous problems with other automotive industry manufacturers, like General Motors’ ignition switches or Takata’s airbag failures, right?

But Volkswagen earns greater attention here at this site because:

1) A critical mass of emptywheel readers are not familiar with the automotive industry, let alone manufacturing; they do not regularly follow automotive news. Quite a number are familiar with enterprise information security, but not car manufacturing or with passenger vehicle security. Many of the readers here are also in policy making, law enforcement, judiciary — persons who may influence outcomes at the very beginning or very end of the product manufacturing life cycle.

2) This is the first identified* multi-year incidence in which an automotive industry manufacturer using computer programming of a street-ready vehicle to defraud consumers and willfully violate multiple U.S. laws. This willfulness wholly separates the nature of this risk from other passenger vehicle vulnerabilities, ex: Fiat Chrysler’s hackable Uconnect dashboard computers or Nissan’s unprotected APIs for keyless remotes. (These latter events arose from inadequate info security awareness though responsiveness of vehicle manufacturers after notification may be in question.)

3) Volkswagen Group is the single largest passenger vehicle manufacturer in Europe. This isn’t a little deal considering half of all passenger vehicles in Europe are diesel-powered. Health and environmental damage in the U.S. from 600,000 passenger diesels has been bad enough; it’s taking lives in the tens of thousands across Europe. 75,000 premature deaths in 2012 alone were attributed to urban NO2 exposures, the source of which is diesel engines. It was testing in the U.S. against U.S. emissions standards which brought VW’s ‘cheating’ to light making it impossible for the EU to ignore any longer. The environmental damage from all Volkswagen passenger diesels combined isn’t localized; these additional non-compliant emissions exacerbate global climate change.

These are the reasons why Dieselgate deserved heightened scrutiny here to date — but the reasons why this scandal merits continued awareness have everything to do with an as-yet unrealized future.

We are on the cusp of a dramatic paradigm shift in transportation, driven in no small part by the need for reduced emissions. Development and implementation of battery-powered powertrains are tightly entwined with artificial intelligence development for self-driving cars. Pittsburgh PA is already a testing ground for a fleet of self-driving Uber vehicles; Michigan’s state senate seeks changes to the state’s vehicle code to permit self-driving cars to operate without a human driver to intervene.

All of this represents a paradigm shift in threats to the public on U.S. highways. Self-driving car makers and their AI partners claim self-driving vehicles will be safer than human-driven cars. We won’t know what the truth is for some time, whether AI will make better decisions than humans.

But new risks arise:

  • An entire line of vehicles can pose a threat if they are programmed to evade laws, ex: VW’s electronic control unit using proprietary code which could be manipulated before installation. (Intentional ‘defect’.)
  • An entire line of vehicles can be compromised if they have inherent vulnerabilities built into them, ex: Fiat Chrysler’s Uconnect dashboard computers. (Unintentional ‘defect’.)

Let’s ‘pick on’ another manufacturer for a moment: imagine every single Fiat Chrysler/Dodge/Jeep vehicle on the road in 5-10 years programmed to evade state and federal laws on emissions and diagnostic tests for road-worthiness. Imagine that same programming exploit used by criminals for other means. We’re no longer looking at a mere hundred thousand vehicles a year but millions, and the number of people at risk even greater.

The fear of robots is all hype, until one realizes some robots are on the road now, and in the very near future all vehicles will be robots. Robots are only as perfect as their makers.

An additional challenge posed by Volkswagen is its corporate culture and the deliberate use of a language barrier to frustrate fact-finding and obscure responsibility. Imagine now foreign transportation manufacturers not only using cultural barriers to hide their deliberate violation of laws, but masking the problems in their programming using the same techniques. Because of GM’s labyrinthine corporate bureaucracy, identifying the problems which contributed to the ignition switch scandal was difficult. Imagine how much more cumbersome it would be to tease out the roots if the entire corporate culture deliberately hid the source using culture, even into the coding language itself? Don’t take my word for how culture is used to this end — listen to a former VW employee who explains how VW’s management prevaricates on its ‘involvement’ in Dieselgate (video at 14:15-19:46).

Should we really wait for another five to 10 years to ‘pick on’ manufacturers of artificially intelligent vehicles — cars with the ability lie to us as much as their makers will? Or should we look very closely now at the nexus of transportation and programming where problems already occur, and create effective policy and enforcement for the road ahead?
_________
* A recent additional study suggests that Volkswagen Group is not the only passenger diesel manufacturer using emissions controls defeats.

Blogger since 2002, political activist since 2003, geek since birth. Opinions informed by mixed-race, multi-ethnic, cis-female condition, further shaped by kind friends of all persuasions. Sci-tech frenemy, wannabe artist, decent cook, determined author, successful troublemaker. Mother of invention and two excessively smart-assed young adult kids. Attended School of Hard Knocks; Rather Unfortunate Smallish Private Business School in Midwest; Affordable Mid-State Community College w/evening classes. Self-employed at Tiny Consulting Business; previously at Large-ish Chemical Company with HQ in Midwest in multiple marginalizing corporate drone roles, and at Rather Big IT Service Provider as a project manager, preceded by a motley assortment of gigs before the gig economy was a thing. Blogging experience includes a personal blog at the original blogs.salon.com, managing editor for a state-based news site, and a stint at Firedoglake before landing here at emptywheel as technology’s less-virginal-but-still-accursed Cassandra.

Monday: A Different Ark

[Caution: some content in this video is NSFW] Today’s Monday Movie is a short film by Patrick Cederberg published three years ago. This short reflects the love life of a youth whose age is close to that of my two kids. A few things have changed in terms of technology used — I don’t think either Facebook or Chatroulette is as popular now with high school and college students as it was, but the speed of internet-mediated relationships is the same. It’s dizzying to keep up with kids who are drowning in information about everything including their loved ones.

Their use of social media to monitor each other’s commitment is particularly frightening; it’s too easy to misinterpret content and make a snap decision as this movie shows so well. Just as scary is the ease with which one may violate the privacy of another and simply move on.

Imagine if this youngster Noah had to make a snap decision about someone with whom they weren’t emotionally engaged. Imagine them using their lifetime of video gaming and that same shallow, too-rapid decision-making process while piloting a drone.

Boom.

Goodness knows real adults with much more life experience demonstrate bizarre and repeated lapses in judgment using technology. Why should we task youths fresh out of high school and little education in ethics and philosophy with using technology like remote surveillance and weaponized drones?

Speaking of drones, here’s an interview with GWU’s Hugh Gusterson on drone warfare including his recommendations on five of books about drones.

A, B, C, D, USB…

  • USBKiller no longer just a concept (Mashable) –$56 will buy you a USB device which can kill nearly any laptop with a burst of electricity. The only devices known to be immune: those without USB ports. The manufacturer calls this device a “testing device.” Apparently the score is Pass/Fail and mostly Fail.
  • Malware USBee jumps air-gapped computers (Ars Technica) — Same researchers at Israel’s Ben Gurion University who’ve been working on the potential to hack air-gapped computers have now written software using a USB device to obtain information from them.
  • Hydropower charger for USB devices available in 2017 (Digital Trends) — Huh. If I’m going to do a lot of off-grid camping, I guess I should consider chipping into the Kickstarter for this device which charges a built-in 6,400mAh battery. Takes 4.5 hours to charge, though — either need a steady stream of water, or that’s a lot of canoe paddling.

Hackety-hack, don’t walk back

  • Arizona and Illinois state elections systems breached (Reuters) — An anonymous official indicated the FBI was looking for evidence other states may also have been breached. The two states experienced different levels of breaches — 200K voters’ personal data had been downloaded from Illinois, while a single state employee’s computer had been compromised with malware in Arizona, according to Reuters’ report. A report by CSO Online explains the breaches as outlined in an leaked FBI memo in greater detail; the attacks may have employed a commonly-used website vulnerability testing application to identify weak spots in the states’ systems. Arizona will hold its primary election tomorrow, August 30.
  • Now-defunct Australian satellite communications provider NewSat lousy with cyber holes (Australian Broadcasting Corp) — ABC’s report said Australia’s trade commission and Defence Science Technology Group have been attacked frequently, but the worst target was NewSat. The breaches required a complete replacement of NewSat’s network at a time when it was struggling with profitability during the ramp-up to launch the Lockheed Martin Jabiru-1 Ka-band satellite. China was named as a likely suspect due to the level of skill and organization required for the numerous breaches as well as economic interest. ABC’s Four Corners investigative reporting program also covered this topic — worth watching for the entertaining quotes by former CIA Director Michael Hayden and computer security consultant/hacker Kevin Mitnick in the same video.
  • Opera software users should reset passwords due to possible breach (Threatpost) — Thought users’ passwords were encrypted or hashed, the browser manufacturer still asks users to reset passwords used to sync their Opera accounts as the sync system “showed signs of an attack.” Norwegian company Opera Software has been sold recently to a Chinese group though the sale may not yet have closed.

That’s a wrap for now, catch you tomorrow! Don’t forget your bug spray!

Blogger since 2002, political activist since 2003, geek since birth. Opinions informed by mixed-race, multi-ethnic, cis-female condition, further shaped by kind friends of all persuasions. Sci-tech frenemy, wannabe artist, decent cook, determined author, successful troublemaker. Mother of invention and two excessively smart-assed young adult kids. Attended School of Hard Knocks; Rather Unfortunate Smallish Private Business School in Midwest; Affordable Mid-State Community College w/evening classes. Self-employed at Tiny Consulting Business; previously at Large-ish Chemical Company with HQ in Midwest in multiple marginalizing corporate drone roles, and at Rather Big IT Service Provider as a project manager, preceded by a motley assortment of gigs before the gig economy was a thing. Blogging experience includes a personal blog at the original blogs.salon.com, managing editor for a state-based news site, and a stint at Firedoglake before landing here at emptywheel as technology’s less-virginal-but-still-accursed Cassandra.

Thursday: Only You

Sometimes when I go exploring for music I find something I like but it’s a complete mystery how it came to be. I can’t tell you much of anything about this artist — only that he’s German, he’s repped by a company in the Netherlands, and his genre is house/electronica. And that’s it, apart from the fact he’s got more tracks you can listen to on SoundCloud. My favorites so far are this faintly retro piece embedded here (on SoundCloud at Only You) and Fade — both make fairly mellow listening. His more popular works are a little more aggressive, like Gunshots and HWAH.

Caught a late summer bug, not firing on all cylinders. Here’s some assorted odds and ends that caught my eye between much-needed naps.

  • Infosec firm approached investment firm to play short on buggy medical devices (Bloomberg) — Jeebus. Bloomberg calls this “highly unorthodox,” but it’s just grossly unethical. Why didn’t this bunch of hackers at MedSec go to the FDA and the SEC? This is a shakedown where they get the market to pay them first instead of ensuring patients are protected and shareholders of St. Jude medical device manufacturer’s stock are appropriately informed. I call bullshit here — they’re trying to game the system for profit and don’t give a shit about the patients at risk. You know when the maximum payout would be? When patient deaths occurred and were reported to the media.
  • Apple iPhone users, update your devices to iOS 9.3.5 stat: serious malware designed to spy and gain control of iPhone found (Motherboard) — Hey look, a backdoor applied after the fact by a “ghost” government spyware company. The malware has been around since iPhone 5/iOS 7; it could take control of an iPhone and allow a remote jailbreak of the device. Interesting this Israeli spyware firm received a big chunk of cash from U.S. investor(s).
  • Apple filed for patent on unauthorized user biometric data collection system (AppleInsider) — If an “unauthorized user” (read: thief) uses an iPhone equipped with this technology, the device could capture a photo and fingerprint of the user for use by law enforcement. Not exactly rocket science to understand how this might be used by law enforcement remotely to assure a particular contact (read: target) is in possession of an iPhone, either. Keep an eye on this stuff.
  • India-France submarine construction program hacked (NDTV) — The Indian Navy contracted construction of (6) Scorpene-class submarines from French shipbuilder DCNS. Tens of thousands of pages of information from this classified project were leaked; the source of the documents appears to be DCNS, not India. The French government as well as India is investigating the hack, which is believed to be a casualty in “economic war.”
  • Hacking of Ghostbusters’ star Leslie Jones under investigation (Guardian) — Jones’ website and iCloud accounts were breached; initial reports indicated the FBI was investigating the matter, but this report says Homeland Security is handlng the case. Does this mean an overseas attacker has already been identified?
  • Taiwanese White hat hacker and open government activist named to digital policy role (HKFP) — Audrey Tang, programmer and consultant for Apple, will shift gears from private to public sector now that she’s been appointed an executive councillor for digital policy by Taiwan. Tang has been part of the Sunflower Student Movement which has demanded greater transparency and accountability on Cross-Strait Service Trade Agreement with China while resisting Chinese reunification.
  • Oops! Recent Google Apps outage caused by…Google? (Google Cloud) — Change management boo-boo borked an update; apparently engineers working on an App Engine update didn’t know software updates on routers was in progress while they performed some maintenance. Not good.
  • Gyroscope made of tiny atomic chamber could replace GPS navigation (NIST.gov) — A miniature cloud of atoms held in suspension between two states of energy could be used as a highly accurate mini-gyroscope. National Institute of Standards and Technology has been working a mini-gyro for years to provide alternate navigation in case GPS is hacked or jammed.
  • Tim Berners-Lee wants to decentralize the internet (Digital Trends) — The internet has centralized into corporate-owned silos of storage and activities like Facebook, Google and eBay. Berners-Lee, who is responsible for the development of browsing hyperlinked documents over a network, wants the internet to be spread out again and your data in your own control.

That’s enough to chew on for now. Hope to check in Friday if I shake off this bug.

Blogger since 2002, political activist since 2003, geek since birth. Opinions informed by mixed-race, multi-ethnic, cis-female condition, further shaped by kind friends of all persuasions. Sci-tech frenemy, wannabe artist, decent cook, determined author, successful troublemaker. Mother of invention and two excessively smart-assed young adult kids. Attended School of Hard Knocks; Rather Unfortunate Smallish Private Business School in Midwest; Affordable Mid-State Community College w/evening classes. Self-employed at Tiny Consulting Business; previously at Large-ish Chemical Company with HQ in Midwest in multiple marginalizing corporate drone roles, and at Rather Big IT Service Provider as a project manager, preceded by a motley assortment of gigs before the gig economy was a thing. Blogging experience includes a personal blog at the original blogs.salon.com, managing editor for a state-based news site, and a stint at Firedoglake before landing here at emptywheel as technology’s less-virginal-but-still-accursed Cassandra.

Monday: Build That Wall

Poor Ireland. Poor Inishturk. To be forced to consider the onslaught of refugees fleeing political upheaval should one loud-mouthed, bigoted, multi-bankrupt idiot with bad hair win the U.S. presidency. I’m amused at how the Irish in this short film mirror the U.S. albeit in a more placid way. There are some who are ardently against him, some who’d welcome the business, and the rest cover the spread between the extremes though they lean more to the left than the right.

I find it appalling, though, that Trump would install a sea wall *now* after the golf course development has already been established, rather than do his homework upfront before investing in real estate which relies on natural dune formation. This kind of thoughtlessness is completely absurd, and the disgust evident in this film is well merited.

Keep your volume control handy; hearing Trump blathering may set your teeth on edge. Mute for a moment and continue.

Schtuff happens
I couldn’t pull a cogent theme out of the stuff crossing my desk today. I’m just laying it down — you see if you can make any sense out of it.

  • Ramen can get you killed in private prisons (Guardian) — The federal government may have to do more than simply stop using private prisons for federal criminal incarceration. This report by a doctoral candidate in the University of Arizona’s school of sociology suggests states’ prisons operated by private industry may be violating prisoners’ civil rights by starving them. Ramen noodles have become a hot commodity for this reason. Not exactly a beacon of morality to the rest of the free world when incarcerated citizens must scrap for ramen noodles to make up for caloric shortfalls.
  • World Anti-Doping Agency may have been attacked by same hackers who poked holes in the DNC (Guardian) — “Fancy Bear” allegedly had a fit of pique and defaced Wada after Russian athletes were banned at Rio. This stuff just doesn’t sound the same as the hacking of NSA-front Equation Group.
  • New Mexico nuclear waste accident among most costly to date (Los Angeles Times) — Substitution of an organic kitty litter product for a mineral product two years ago set off a chemical reaction un an underground waste storage area, contaminating 35% of the surrounding space. Projected clean-up costs are $2 billion — roughly the amount spent on Three Mile Island’s meltdown.
  • Build that wall! Americans blown ashore in Canada by high winds (CBC) — Participants riding flotation devices on the St. Clair River in the annual Port Huron Float Down were pushed by high winds into Sarnia, Ontario. About 1,500 Americans had to be rescued and returned to the U.S. by Canadian police, Coast Guard, and Border Service. Just a test to see if Canada’s ready for the influx of refugees should Trump win in November, right?
  • Paternity test reveals a father’s sperm actually made him an uncle (Independent) — Upon discovering a father’s DNA only matched 10% of his child’s DNA, further genetic ancestry revealed the ‘father’ had an unborn twin whose DNA he had absorbed in the womb. His twin’s DNA matched his child’s. This is not the first time paternity testing has revealed chimerism in humans.

Commute-or-lunch-length reads

  • Walmart is a crime magnet (Bloomberg) — Holy crap. Communities should just plain refuse to permit any more Walmarts until they clean up their act. Bloomberg’s piece is a virtual how-to-fix-your-bullshit task list; Walmart has zero excuses.
  • It’s in your body, what version is it running? (Backchannel) — Before the public adopts anymore wearable or implantable medical devices, they should demand open access to the code running inside them. It’s absurd a patient can’t tell if their pacemaker’s code is jacked up.
  • Dirty laundry at Deutsche Bank (The New Yorker) — This you need to read. Parasitic banking behavior comes in many forms — in this case, Deutsche Bank laundered billions.

There, we’re well on our way this week. Catch you tomorrow!

Blogger since 2002, political activist since 2003, geek since birth. Opinions informed by mixed-race, multi-ethnic, cis-female condition, further shaped by kind friends of all persuasions. Sci-tech frenemy, wannabe artist, decent cook, determined author, successful troublemaker. Mother of invention and two excessively smart-assed young adult kids. Attended School of Hard Knocks; Rather Unfortunate Smallish Private Business School in Midwest; Affordable Mid-State Community College w/evening classes. Self-employed at Tiny Consulting Business; previously at Large-ish Chemical Company with HQ in Midwest in multiple marginalizing corporate drone roles, and at Rather Big IT Service Provider as a project manager, preceded by a motley assortment of gigs before the gig economy was a thing. Blogging experience includes a personal blog at the original blogs.salon.com, managing editor for a state-based news site, and a stint at Firedoglake before landing here at emptywheel as technology’s less-virginal-but-still-accursed Cassandra.

Friday: Smells Like

With the lights out, it’s less dangerous
Here we are now, entertain us
I feel stupid and contagious
Here we are now, entertain us
A mulatto, an Albino
A mosquito, my libido, yeah


— excerpt, Smells Like Teen Spirit by Nirvana

Been a rough week so I’m indulging myself with some double bass — and because it’s Friday, it’s jazz. This is 2009 Thelonious Monk Competition winner Ben Williams whose ‘Teen Spirit’ is both spirited and minimalist. Check out this set with Home and Dawn Of A New Day, the first embued with a hip-hoppy beatmaking rhythm.

More Shadows on the wall
While Marcy has some questions about the recent alleged Shadow Brokers’ hack of NSA-front Equation Group and malware staging servers, I have a different one.

Why is Cisco, a network equipment company whose equipment appears to have been backdoored by the NSA, laying off 20% of its workforce right now? Yeah, yeah, I hear there’s a downturn in networking hardware sales due to Brexit and the Chinese are fierce competitors and businesses are moving from back-end IT to the cloud, but I see other data that says 50-60% of ALL internet traffic flows through Cisco equipment and there are other forecasts anticipating internet traffic growth to double between now and 2020, thanks in part to more video streaming and mobile telecom growth replacing PCs. Sure, software improvements will mediate some of that traffic’s pressure on hardware, but still…there’s got to be both ongoing replacement of aging equipment and upgrades (ex: Southwest Airlines’ router-fail outage), let alone new sales, and moving the cloud only means network equipment is consolidated, not distributed. Speaking of new sales and that internet traffic growth, there must be some anticipation related to increased use of WiFi-enabled Internet of Things stuff (technical term, that — you know, like Philips’ Hue lighting and Google Nest thermostats and Amazon Echo/Alexa-driven services).

Something doesn’t add up. Or maybe something rolls up. I dunno’. There are comments out on the internet suggesting competitor Huawei is hiring — that’s convenient, huh?

AI and Spy

  • Data security firm working on self-tweeting AI (MIT Review) — The software can generate tweets more likely to illicit response from humans than the average phishing/spearphishing attempt. Seems a little strange that a data security company is working on a tool which could make humans and networks less secure, doesn’t it?
  • Toyota sinks a bunch of cash into AI project at U of Michigan (ReadWrite) — $22 million the automaker pledged to development of self-driving cars, stair-climbing wheelchairs and other mobility projects. Toyota has already invested in similar AI development programs at Stanford in Palo Alto, CA and MIT in Cambridge, MA. Funding academic research appears to be a means to avoid a bigger hit to the corporation’s bottom line if the technologies do not yield commercially viable technology.
  • Steganography developed to mask content inside dance music (MIT Review) — Warsaw University of Technology researcher co-opted the rhythm specific to Ibiza trance music genre. The embedded Morse code buried in rhythm could not be audibly detected by casual listeners as long as it did not distort the tempo by more than 2%.

Sci-like-Fi

  • New theory suggests fifth force of nature possible (Los Angeles Times) — The search for a “dark photon” may have led to a new theory explaining the existence and action of dark energy and dark matter, which together make up 95% of the universe. I admit I need to hunt down a better article on this; this one doesn’t make all the pieces snap into place for me. If you’ve seen a better one, please share in comments.
  • Sound wave-based black hole model may show Hawking radiation at work (Scientific American) — Can’t actually create a real black hole in the lab, but a model like this one created by an Israeli scientist using phonons (not photons) may prove Stephen Hawking was right about information leakage from black holes. The work focuses on the actions of quantum-entangled particle pairs which are separated on either side of the event horizon. Beyond adding to our understanding of the universe, how this work will be used isn’t quite clear. But use of quantum entanglement in cryptography is an important and growing field; I wouldn’t be surprised to see this finding shapes cryptographic development.
  • Pregnant women’s immune system response may affect fetus’ neurological system (MedicalXpress via Phys.org) — While an expectant mother’s immune system may prevent a virus from attacking her fetus, the protective process may still affect the fetus long term. Research suggests that some neurological disorders like schizophrenia and autism may be associated with maternal infections pre-birth.

Late adder: Travel Advisory issued for pregnant women to avoid Miami Beach area according to CDC — Five more cases of Zika have been identified and appeared to have originated in the newly identified second Zika zone, this one east of Biscayne Bay in the Miami Beach area. The initial Zika zone was on the west side of Biscayne Bay. The CDC also discouraged pregnant women and their sex partners from traveling to Miami-Dade County as a whole; the county has now had a total of 36 cases of Zika.

In the video in the report linked above, FL Gov. Rick Scott pokes at the White House about additional Zika assistance, but Scott previously reduced spending on mosquito control by 40%. Now he’s ready to pay private firms to tackle mosquito spraying. Way to go, Republican dirtbag. Penny wise, pound foolish, and now it’s somebody else’s job to bat cleanup.

Longread: Stampede at JFK
A firsthand account of the public’s stampede-like reaction to a non-shooting at New York’s JFK International Airport. To paraphrase an old adage, if all you have is a gun, everything looks and sounds like a shooting.

Let go of your fear and let the weekend begin.

Blogger since 2002, political activist since 2003, geek since birth. Opinions informed by mixed-race, multi-ethnic, cis-female condition, further shaped by kind friends of all persuasions. Sci-tech frenemy, wannabe artist, decent cook, determined author, successful troublemaker. Mother of invention and two excessively smart-assed young adult kids. Attended School of Hard Knocks; Rather Unfortunate Smallish Private Business School in Midwest; Affordable Mid-State Community College w/evening classes. Self-employed at Tiny Consulting Business; previously at Large-ish Chemical Company with HQ in Midwest in multiple marginalizing corporate drone roles, and at Rather Big IT Service Provider as a project manager, preceded by a motley assortment of gigs before the gig economy was a thing. Blogging experience includes a personal blog at the original blogs.salon.com, managing editor for a state-based news site, and a stint at Firedoglake before landing here at emptywheel as technology’s less-virginal-but-still-accursed Cassandra.

Thursday: Creep

Covers are often treated like poor relations in hand-me-downs. It’s not the performer’s own work, how can they possibly do the original justice?

Yeah…and then this. I think it’s an example of an exceptional cover. It’s one of my favorites. There are a number of other fine covers of this same piece — some are sweet, some have better production values, and some are very close to Radiohead’s original recording. But this one has something extra. Carrie Manolakos, a Broadway performer known for her role as Elphaba in Wicked, takes a breath at 2:19 and watch out. Her second album will release next month if you enjoy her work.

In Sickness and Health
Here, read these two stories and compare them:

Leaving you with the actual heds on these articles. How isn’t this simple extortion? You know, like, “Nice national health care system you’ve got there. It’d be a shame if anything happened to it.”

Cry me a river about corporate losses. Last I checked Aetna’s been paying out dividends regularly, which means they still have beaucoup cash.

If only we’d had a debate about offering single payer health care for everyone back in 2009 so we could say Fuck You to these vampiric corporate blackmailers.

Still in Shadow
A timeline of articles, analysis, commentary on the hacking of NSA malware staging servers by Shadow Brokers — no window dressing, just links:

15-AUG-2016 8:48 AM — https://twitter.com/mikko/status/765168232454037504 (Mikko Hypponen–Kaspersky tweeting discovery of Shadow Brokers’ auction of Equation Group code)

16-AUG-2016 7:22 AM — http://cybersecpolitics.blogspot.com/2016/08/why-eqgrp-leak-is-russia.html (Info sec expert Dave Aitel’s assessment on hackers responsible)

16-AUG-2016 7:40 AM — https://twitter.com/Snowden/status/765513662597623808 (Edward Snowden’s tweet thread [NB: don’t be an idiot and click on any other links in that thread])

16-AUG-2016 7:22 PM — https://securelist.com/blog/incidents/75812/the-equation-giveaway/ (time zone unclear)

16-AUG-2016 ?:?? — http://xorcat.net/2016/08/16/equationgroup-tool-leak-extrabacon-demo/

17-AUG-2016 8:05 AM EST — https://motherboard.vice.com/read/what-we-know-about-the-exploits-dumped-in-nsa-linked-shadow-brokers-hack

17-AUG-2016 ?:?? — https://www.cs.uic.edu/~s/musings/equation-group/ (University of Illinois’ Stephen Checkoway’s initial impressions)

17-AUG-2016 7:23 PM EST — https://www.washingtonpost.com/world/national-security/nsas-use-of-software-flaws-to-hack-foreign-targets-posed-risks-to-cybersecurity/2016/08/17/657d837a-6487-11e6-96c0-37533479f3f5_story.html

18-AUG-2016 6:59 AM EST — https://twitter.com/RidT/status/766228082160242688 (Thomas Rid suggests Shadow Brokers’ auction may be “retaliation” — note at this embedded tweet the use of “retaliation” and the embedded, highlighted image in which the words “Panama Papers” appear in red. Make of that what you will.[1])

18-AUG-2016 2:35 PM EST — https://motherboard.vice.com/read/the-shadow-brokers-nsa-leakers-linguistic-analysis (Two linguists suggest Shadow Brokers’ primary language is English distorted to mimic Russian ESL)

You know what this reminds me of? Sony Pictures’ email hacking. Back and forth with Russia-did-it-maybe-not-probably, not unlike the blame game pointing to North Korea in Sony’s case. And the linguistic analysis then suggesting something doesn’t quite fit.

[Today's front pages from USA Today, The New York Times, Wall Street Journal, Los Angeles Times, shared here under Fair Use.]

[Today’s front pages from USA Today, The New York Times, Wall Street Journal, Los Angeles Times, shared here under Fair Use.]

American Refugees
I read in one of my timelines today a complaint by a journalist about Louisiana flooding news coverage. Wish I’d captured the thread at the time; they were put out that the public was unhappy about the media’s reporting — or lack thereof. They noted all the links to articles, videos, photos being shared in social media, noting this content came from journalists.

Except there really is a problem. The embedded image here is the front page of each of the four largest newspapers in the U.S. based on circulation, total combined circulation roughly six million readers. NONE OF THEM have a story on the front page about the flooding in Louisiana, though three of them covered the California Blue Cut Fire. Naturally, one would expect the Los Angeles Times to cover a fire in their own backyard, and they do have a nice photo-dense piece online. But nothing on the front page about flooding.

The Livingston Parish, Louisiana sheriff noted more than 100,000 parish residents had lost everything in the flood. There are only 137,000 total residents in that parish.

Between the +80,000 Blue Cut Fire evacuees and more than 100,000 left temporarily homeless in Louisiana, the U.S. now has more than a couple hundred thousand climate change refugees for which we are utterly unprepared. The weather forecast this week is not good for the Gulf Coast as unusually warm Gulf water continues to pump moisture into the atmosphere. We are so not ready.

Longread: The last really big American flood
Seven Scribes’ Vann R. Newkirk II looks at the last time a long bout of flooding inundated low-lying areas in the south, setting in motion the Great Migration. This is the history lesson we’ve forgotten. We need to prepare for even worse because like the Blue Cut Fire in California and Hurricane Sandy in New Jersey and New York, disaster won’t be confined to a place too easily written off the front page.

One more day. Hope to make it through.
_________
[1] Edited for clarity. Kind of.

Blogger since 2002, political activist since 2003, geek since birth. Opinions informed by mixed-race, multi-ethnic, cis-female condition, further shaped by kind friends of all persuasions. Sci-tech frenemy, wannabe artist, decent cook, determined author, successful troublemaker. Mother of invention and two excessively smart-assed young adult kids. Attended School of Hard Knocks; Rather Unfortunate Smallish Private Business School in Midwest; Affordable Mid-State Community College w/evening classes. Self-employed at Tiny Consulting Business; previously at Large-ish Chemical Company with HQ in Midwest in multiple marginalizing corporate drone roles, and at Rather Big IT Service Provider as a project manager, preceded by a motley assortment of gigs before the gig economy was a thing. Blogging experience includes a personal blog at the original blogs.salon.com, managing editor for a state-based news site, and a stint at Firedoglake before landing here at emptywheel as technology’s less-virginal-but-still-accursed Cassandra.