Brit MPs to Apple CEO: Please stop ignoring our questions about repairability and the environment

The UK’s Environmental Audit Committee (EAC) says Apple is still not answering questions relating to its record on the environmental sustainability and repairability of its iStuff.

The EAC – a sounder of Members of Parliament that sit on the select committee in the House of Commons – asked the American company to get involved in the Electronic Waste and Circular Economy inquiry, and Apple had been due to appear before MPs on 16 July but “cancelled its appearance at short notice”.

Committee chairman the Right Honourable Sir Philip Dunne, an MP for Ludlow constituency in Shropshire, then penned a letter [PDF] to Apple boss Tim Apple Cook early last month and requested a response by Friday last week, 4 September, but the EAC is “yet to receive a substantive reply”, it said.

The contents of the letter, revealed today, point out the anxiety related to the social and environmental footprint of the electronics industry, brought into focus by a United Nations report in July that showed 53.6 million tonnes of so-called e-waste was produced in 2019, up 21 per cent in five years.

Smaller gadgets are often the hardest to collect and recycle, and Apple is one of the largest manufacturers of such equipment worldwide, hence its invitation to partake in the inquiry, EAC said.

In his missive to Cook, Dunne asked 13 questions, including how Apple was tackling past and future carbon emissions; the auditing of third-party emissions in Apple’s supply chain; whether the high price of fixing Apple kit was affecting repairability; what Apple was doing to improve repairability of products; whether Apple would support legislation for repairability standards; what it was doing to take back items being replaced; and a query around plastic packaging.

The timing of this release is very deliberate, coming as Apple prepares to broadcast a live event from California with a slew of new products from next-generation phones to watches, iPads and other gear.

“Apple has made more than two billion iPhones – a phone for every person in the whole of Africa and Europe,” said Dunne in a statement. “Today, as Apple unveils its next generation of gadgets, my committee continues to wait for answers on what the company is doing to tackle its environmental footprint.”

[…]

For its part, Apple claimed previously that it loses money by repairing customers’ gadgets, which rather flies in the face of Apple’s reluctance to allow independent repair shops to do their thing.

In its 2020 Environmental Progress Report, Apple pledged to reduce 75 per cent of its carbon emissions by 2030 and develop “innovative carbon removal solutions for the remaining 25 percent of its comprehensive footprint”. The highlights of that report can be found here.

Source: Brit MPs to Apple CEO: Please stop ignoring our questions about repairability and the environment • The Register

European Police Malware Could Harvest GPS, Messages, Passwords, More from Encrochat devices

The malware that French law enforcement deployed en masse onto Encrochat devices, a large encrypted phone network using Android phones, had the capability to harvest “all data stored within the device,” and was expected to include chat messages, geolocation data, usernames, passwords, and more, according to a document obtained by Motherboard.

The document adds more specifics around the law enforcement hack and subsequent takedown of Encrochat earlier this year. Organized crime groups across Europe and the rest of the world heavily used the network before its seizure, in many cases to facilitate large scale drug trafficking. The operation is one of, if not the, largest law enforcement mass hacking operation to date, with investigators obtaining more than a hundred million encrypted messages.

“The NCA has been collaborating with the Gendarmerie on Encrochat for over 18 months, as the servers are hosted in France. The ultimate objective of this collaboration has been to identify and exploit any vulnerability in the service to obtain content,” the document reads, referring to both the UK’s National Crime Agency and one of the national police forces of France.

As well as the geolocation, chat messages, and passwords, the law enforcement malware also told infected Encrochat devices to provide a list of WiFi access points near the device, the document reads.

[…]

Encrochat was a company that offered custom-built phones that sent end-to-end encrypted messages to one another. Encrochat took a base Android device, installed its own software, and physically removed the GPS, microphone, and camera functionality to lock down the devices further. These modifications may have impacted what sort of data the malware was actually able to obtain once deployed. Encrochat phones had a panic wipe feature, where if a user entered a particular PIN it would erase data stored on the device. The devices also ran two operating systems that sat side by side; one that appeared to be innocuous, and another that contained the users’ more sensitive communications.

In a previous email to Motherboard a representative of Encrochat said the firm is a legitimate company with clients in 140 countries, and that it sets out “to find the best technology on the market to provide a reliable and secure service for any organization or individual that want[s] to secure their information.” The firm had tens of thousands of users worldwide, and decided to shut itself down after discovering the hack against its network.

Encrochat’s customers included a British hitman who assassinated a crime leader and an armed robber, and various violent gangs around Europe including those who used so-called “torture chambers.” Some of the users may have been legitimate, however.

Since the shutdown, police across Europe have arrested hundreds of alleged criminals who used the service. Motherboard previously obtained chat logs that prosecutors have presented as evidence against one drug dealer.

Running an encrypted phone company is not typically illegal in-and-of-itself. The U.S. Department of Justice charged Vince Ramos, the CEO of another firm called Phantom Secure with racketeering conspiracy and other charges after an undercover investigation caught him saying the phones were made for drug trafficking. Phantom Secure started as a legitimate firm before catering more to the criminal market. Ramos was sentenced to nine years in prison in May 2019.

Source: European Police Malware Could Harvest GPS, Messages, Passwords, More

How they harvested GPS from devices with the functionality physically removed is a mystery to me, although WiFi networks definitely provide a pretty good form of geolocation.

U.S. Concentration Camp in Georgia Sent Women to Be Sterilized

Why have the terms “Nazi Germany” and “Mengele” become trending topics on Twitter? The words dominated the social media platform on Monday after it was revealed that a whistleblower has alleged “high numbers” of immigrant women at a U.S. concentration camp in Georgia were sent to be given unnecessary hysterectomies. Many of the women reportedly didn’t know why they were being sent to have the surgery and were all sent to the same doctor, according to the complaint, with one woman describing the facility as an “experimental concentration camp.”

Twitter users made several analogies to various Nazi atrocities on Monday, like the sadistic medical experiments performed on Jews by Josef Mengele during the Holocaust in the 1930s and ‘40s. And while U.S. concentration camps aren’t currently operating as anything close to the European death camps of the Holocaust, there’s still reasonable concern about what the fuck is happening in the U.S. right now under the Trump regime.

The whistleblower, a nurse named Dawn Wooten, worked full time at a concentration camp run by Immigration and Customs Enforcement called the Irwin County Detention Center, until her work hours were cut in July, a result of alleged retaliation for speaking up internally about health and sanitary conditions in the prison. The facility is technically owned by a private company called LaSalle Corrections, much like several other ICE and CBP concentration camps across the U.S. that currently house tens of thousands of detainees under a for-profit model.

[…]

the most shocking revelations involve many women who were sent to have hysterectomies—a medical procedure to remove the uterus, rendering the women unable to become pregnant and have children—without getting a clear answer on why they were having the surgeries done.

From the complaint to the OIG, which is available online:

One woman told Project South in 2019 that Irwin sends many women to see a particular gynecologist outside the facility but that some women did not trust him. She also stated that “a lot of women here go through a hysterectomy” at ICDC. More recently, a detained immigrant told Project South that she talked to five different women detained at ICDC between October and December 2019 who had a hysterectomy done. When she talked to them about the surgery, the women “reacted confused when explaining why they had one done.” The woman told Project South that it was as though the women were “trying to tell themselves it’s going to be OK.” She further said: “When I met all these women who had had surgeries, I thought this was like an experimental concentration camp. It was like they’re experimenting with our bodies.”

The whistleblower, nurse Wooten, explained in her own words how one unnamed doctor was allegedly carrying out this mass sterilization effort on immigrant women. Wooten even called the doctor a “uterus collector”:

Everybody he sees has a hysterectomy—just about everybody. He’s even taken out the wrong ovary on a young lady [detained immigrant woman]. She was supposed to get her left ovary removed because it had a cyst on the left ovary; he took out the right one. She was upset. She had to go back to take out the left and she wound up with a total hysterectomy. She still wanted children—so she has to go back home now and tell her husband that she can’t bear kids… she said she was not all the way out under anesthesia and heard him [doctor] tell the nurse that he took the wrong ovary.

[…]

We’ve questioned among ourselves like goodness he’s taking everybody’s stuff out…That’s his specialty, he’s the uterus collector. I know that’s ugly…is he collecting these things or something…Everybody he sees, he’s taking all their uteruses out or he’s taken their tubes out. What in the world.

The complaint also alleges that the women in custody aren’t getting clear communication about what procedure is about to be done on them, with some medical staff in the facility allegedly using Google to translate things from English to Spanish before surgery. Some women were told conflicting things about why they needed to have hysterectomies, like one woman who was given three very different reasons

[…]

ICE did not immediately respond to a request for comment on Tuesday morning, but sent out a statement to several news outlets insisting that, “in general, anonymous, unproven allegations, made without any fact-checkable specifics, should be treated with the appropriate skepticism they deserve.” Notably, that’s not a flat denial of the allegations. And DHS restricts access to the facilities to such a degree that journalists have previously tried to use drones just to get a look inside. Even members of Congress have struggled to get an unfiltered look at what’s happening in these facilities.

ICE and its parent agency, the U.S. Department of Homeland Security, have a history of outright lies and running interference for objectively racist policies. The former head of DHS, Kirstjen Nielsen, lied to Congress on multiple occasions, claiming that the Trump regime did not have a policy of separating families at the U.S.-Mexico border. That was flatly wrong and Nielsen has never been held accountable for the lies, let alone the atrocities she committed against countless asylum seekers. The current head of DHS, Acting Secretary Chad Wolf, has never been confirmed by the Senate and the nonpartisan Government Accountability Office found last month that he was illegally appointed to his position in late 2019. Wolf is still the head of DHS.

[…]

Source: U.S. Concentration Camp in Georgia Sent Women to Be Sterilized

Nikola Admits Prototype Was Rolling Downhill In Promo Video

In late 2016, Nikola Motor Company founder Trevor Milton unveiled a prototype of the Nikola One truck, claiming it “fully functions and works, which is really incredible.” A couple years later, in January 2018, the company showed the Nikola One truck moving rapidly along a two-lane desert highway. But last week, the short-selling investment firm Hindenburg Research published a bombshell report, accusing Nikola Motors of massive fraud, having no proprietary technology and vastly overstating the capabilities of their prototypes to investors.

Incredibly, “Hindenburg reported that the truck in the ‘Nikola One in motion’ video wasn’t moving under its own power,” reports Ars Technica. “Rather, Nikola had towed the truck to the top of a shallow hill and let it roll down. The company allegedly tilted the camera to make it look like the truck was traveling under its own power on a level roadway.” From the report: On Monday morning, Nikola sent out a lengthy press release titled “Nikola Sets the Record Straight on False and Misleading Short Seller Report.” While the statement nitpicks a number of claims in the Hindenburg report, it tacitly concedes Hindenburg’s main claim about the Nikola One. Nikola now admits that the Nikola One prototype wasn’t functional in December 2016 and still wasn’t functional when the company released the “in motion” video 13 months later. Nikola claims that the gearbox, batteries, inverters, power steering, and some other components of the truck were functional at the time of the December 2016 show. But Nikola doesn’t claim that the truck had a working hydrogen fuel cell or motors to drive the wheels — the two key components Hindenburg stated were missing from the truck in December 2016.

And Nikola now admits that it never got the truck to fully function. “As Nikola pivoted to the next generation of trucks, it ultimately decided not to invest additional resources into completing the process to make the Nikola One drive on its own propulsion,” Nikola wrote in its Monday statement. Instead, Nikola pivoted to working on its next vehicle, the Nikola Two. So what about that video of the Nikola One driving across the desert? “Nikola never stated its truck was driving under its own propulsion in the video,” Nikola wrote. “Nikola described this third-party video on the Company’s social media as ‘In Motion.’ It was never described as ‘under its own propulsion’ or ‘powertrain driven.’ Nikola investors who invested during this period, in which the Company was privately held, knew the technical capability of the Nikola One at the time of their investment.”

Source: Nikola Admits Prototype Was Rolling Downhill In Promo Video – Slashdot

Whistleblower Shows How Facebook Deals With Global Political Manipulation – not enough according to her

The 6,600-word memo, written by former Facebook data scientist Sophie Zhang, is filled with concrete examples of heads of government and political parties in Azerbaijan and Honduras using fake accounts or misrepresenting themselves to sway public opinion. In countries including India, Ukraine, Spain, Brazil, Bolivia, and Ecuador, she found evidence of coordinated campaigns of varying sizes to boost or hinder political candidates or outcomes, though she did not always conclude who was behind them.

“In the three years I’ve spent at Facebook, I’ve found multiple blatant attempts by foreign national governments to abuse our platform on vast scales to mislead their own citizenry, and caused international news on multiple occasions,” wrote Zhang, who declined to talk to BuzzFeed News. Her LinkedIn profile said she “worked as the data scientist for the Facebook Site Integrity fake engagement team” and dealt with “bots influencing elections and the like.”

“I have personally made decisions that affected national presidents without oversight, and taken action to enforce against so many prominent politicians globally that I’ve lost count,” she wrote.

The memo is a damning account of Facebook’s failures. It’s the story of Facebook abdicating responsibility for malign activities on its platform that could affect the political fate of nations outside the United States or Western Europe. It’s also the story of a junior employee wielding extraordinary moderation powers that affected millions of people without any real institutional support, and the personal torment that followed.

“I know that I have blood on my hands by now,” Zhang wrote.

[…]

“There was so much violating behavior worldwide that it was left to my personal assessment of which cases to further investigate, to file tasks, and escalate for prioritization afterwards,” she wrote.

That power contrasted with what she said seemed to be a lack of desire from senior leadership to protect democratic processes in smaller countries. Facebook, Zhang said, prioritized regions including the US and Western Europe, and often only acted when she repeatedly pressed the issue publicly in comments on Workplace, the company’s internal, employee-only message board.

“With no oversight whatsoever, I was left in a situation where I was trusted with immense influence in my spare time,” she wrote. “A manager on Strategic Response mused to myself that most of the world outside the West was effectively the Wild West with myself as the part-time dictator – he meant the statement as a compliment, but it illustrated the immense pressures upon me.”

A former Facebook engineer who knew her told BuzzFeed News that Zhang was skilled at discovering fake account networks on the platform.

[…]

“I have made countless decisions in this vein – from Iraq to Indonesia, from Italy to El Salvador,” she wrote. “Individually, the impact was likely small in each case, but the world is a vast place.”

Still, she did not believe that the failures she observed during her two and a half years at the company were the result of bad intent by Facebook’s employees or leadership. It was a lack of resources, Zhang wrote, and the company’s tendency to focus on global activity that posed public relations risks, as opposed to electoral or civic harm.

“Facebook projects an image of strength and competence to the outside world that can lend itself to such theories, but the reality is that many of our actions are slapdash and haphazard accidents,” she wrote.

[…]

Source: Whistleblower Says Facebook Ignored Global Political Manipulation

A really good insight into the problems that Facebook has to look at. I’m pretty sure that it’s not Facebook ignoring the problem, it’s that their solution was in the person of the whistleblower, who felt underappreciated and alone and seems to have been unable to garner support within Facebook for more resources.

Private data gone public: Razer leaks 100,000+ gamers’ personal info

In August, security researcher Volodymyr Diachenko discovered a misconfigured Elasticsearch cluster, owned by gaming hardware vendor Razer, exposing customers’ PII (Personal Identifiable Information).

The cluster contained records of customer orders and included information such as item purchased, customer email, customer (physical) address, phone number, and so forth—basically, everything you’d expect to see from a credit card transaction, although not the credit card numbers themselves. The Elasticsearch cluster was not only exposed to the public, it was indexed by public search engines.

[…]

One of the things Razer is well-known for—aside from their hardware itself—is requiring a cloud login for just about anything related to that hardware. The company offers a unified configuration program, Synapse, which uses one interface to control all of a user’s Razer gear.

Until last year, Synapse would not function—and users could not configure their Razer gear, for example change mouse resolution or keyboard backlighting—without logging in to a cloud account. Current versions of Synapse allow locally stored profiles for off-Internet use and what the company refers to as “Guest mode” to bypass the cloud login.

Many gamers are annoyed by the insistence on a cloud account for hardware configuration that doesn’t seem to really be enhanced by its presence. Their pique is understandable, because the pervasive cloud functionality comes with cloud vulnerabilities. Over the last year, Razer awarded a single HackerOne user, s3cr3tsdn, 28 separate bounties.

We applaud Razer for offering and paying bug bounties, of course, but it’s difficult to forget that those vulnerabilities wouldn’t have been there (and globally exploitable), if Razer hadn’t tied their device functionality so thoroughly to the cloud in the first place.

Source: Private data gone public: Razer leaks 100,000+ gamers’ personal info | Ars Technica

Google Faces $3 Billion U.K. Suit Over Use of Children’s Data

Alphabet Inc.’s Google faces a multibillion-dollar lawsuit in the U.K. over claims that YouTube routinely breaks privacy laws by tracking children online.

The suit, filed on behalf of more than 5 million British children under 13 and their parents, is being brought by privacy campaigner Duncan McCann and being supported by Foxglove, a tech justice group. The claimants estimate that if they’re successful, there would be as much as 2.5 billion pounds ($3.2 billion) in compensation, worth between 100 to 500 pounds per child.

The filing alleges that YouTube’s methods of targeting underage audiences constitute “major breaches” of U.K. and European privacy and data rules designed to protect citizens’ control over their own private information. YouTube has “systematically broken these laws by harvesting children’s data without obtaining prior parental consent,” it alleges.

A spokesperson for YouTube declined to comment on the lawsuit Monday but added that the video streaming service isn’t designed for users under the age of 13.

“We launched the YouTube Kids app as a dedicated destination for kids and are always working to better protect kids and families on YouTube,” the company said in an emailed statement.

Source: Google Faces $3 Billion U.K. Suit Over Use of Children’s Data – Bloomberg

Hints of life on Venus: Scientists detect phosphine molecules in high cloud decks

An international team of astronomers, led by Professor Jane Greaves of Cardiff University, today announced the discovery of a rare molecule—phosphine—in the clouds of Venus. On Earth, this gas is only made industrially, or by microbes that thrive in oxygen-free environments.

[…]

finding that phosphine is present but scarce—only about twenty molecules in every billion.

The astronomers then ran calculations to see if the phosphine could come from natural processes on Venus. They caution that some information is lacking—in fact, the only other study of phosphorus on Venus came from one lander experiment, carried by the Soviet Vega 2 mission in 1985.

Massachusetts Institute of Technology scientist Dr. William Bains led the work on assessing natural ways to make phosphine. Some ideas included sunlight, minerals blown upwards from the surface, volcanoes, or lightning, but none of these could make anywhere near enough of it. Natural sources were found to make at most one ten thousandth of the amount of phosphine that the telescopes saw.

To create the observed quantity of phosphine on Venus, terrestrial organisms would only need to work at about 10% of their maximum productivity, according to calculations by Dr. Paul Rimmer of Cambridge University. Any microbes on Venus will likely be very different to their Earth cousins though, to survive in hyper-acidic conditions.

[…]

She comments: “Finding phosphine on Venus was an unexpected bonus! The discovery raises many questions, such as how any organisms could survive. On Earth, some microbes can cope with up to about 5% of acid in their environment—but the clouds of Venus are almost entirely made of acid.”

[…]

confirming the presence of “life” needs a lot more work. Although the high clouds of Venus have temperatures up to a pleasant 30 degrees centigrade, they are incredibly acidic—around 90% sulphuric acid—posing major issues for microbes to survive there.

[…]

Source: Hints of life on Venus: Scientists detect phosphine molecules in high cloud decks

Eterbase cryptocurrency exchange hacked and $5.4 million stolen

Cryptocurrency exchange Eterbase last week admitted hackers broke into its computers and made off with other people’s coins, said to be worth $5.4m.

The plug was pulled on the digital dosh exchange as a result, though it may return at some point: it claims to have enough capital to surmount the cyber-heist. Investigations by staff and law enforcement are ongoing.

“We want to inform our users that we have enough capital to meet all our obligations,” the site’s operators said in a statement.

“We want to reassure everyone that this event won’t stop our journey. After the security audit of renowned global companies, our operations will continue. We will announce the date of the reopening of the ETERBASE Exchange platform as soon as possible.”

Source: Another month, another cryptocurrency exchange hacked and ‘millions of dollars’ stolen by miscreants • The Register

Shenzhen Zhenua Data Leak – high profile international contacts database kept by Chinese leaked

The database built by Shenzhen Zhenhua from a variety of sources is technically complex using very advanced language, targeting, and classification tools. Shenzhen Zhenhua claims to work with, and our research supports, Chinese intelligence, military, and security agencies use the open information environment we in open liberal democracies take for granted to target individuals and institutions. Our research broadly supports their claims.

The information specifically targets influential individuals and institutions across a variety of industries. From politics to organized crime or technology and academia just to name a few, the database flows from sectors the Chinese state and linked enterprises are known to target.

The breadth of data is also staggering. It compiles information on everyone from key public individuals to low level individuals in an institution to better monitor and understand how to exert influence when needed.

Compiling public and non-public personal and institutional data, Shenzhen Zhenhua has likely broken numerous laws in foreign jurisdictions. Claiming to partner with state intelligence and security services in China, Shenzhen Zhenhua operates collection centers in foreign countries that should be considered for investigation in those jurisdictions.

Source: Statement on Shenzhen Zhenua Data Leak – Balding’s WorldBalding’s World

The personal details of millions of people around the world have been swept up in a database compiled by a Chinese tech company with reported links to the country’s military and intelligence networks, according to a trove of leaked data.

About 2.4 million people are included in the database, assembled mostly based on public open-source data such as social media profiles, analysts said. It was compiled by Zhenhua Data, based in the south-eastern Chinese city of Shenzhen.

Internet 2.0, a cybersecurity consultancy based in Canberra whose customers include the US and Australian governments, said it had been able to recover the records of about 250,000 people from the leaked dataset, including about 52,000 Americans, 35,000 Australians and nearly 10,000 Britons. They include politicians, such as prime ministers Boris Johnson and Scott Morrison and their relatives, the royal family, celebrities and military figures.

When contacted by the Guardian for comment, a representative of Zhenhua said: “The report is seriously untrue.”

“Our data are all public data on the internet. We do not collect data. This is just a data integration. Our business model and partners are our trade secrets. There is no database of 2 million people,” said the representative surnamed Sun, who identified herself as head of business.

“We are a private company,” she said, denying any links to the Chinese government or military. “Our customers are research organisations and business groups.”

Source: Zhenhua Data leak: personal details of millions around world gathered by China tech company

Official launch of ELLIS Units – 15th of September 2020! | European Lab for Learning & Intelligent Systems

The European Laboratory for Learning and Intelligent Systems (ELLIS) is officially launching its 30 ELLIS research units on Tuesday, September 15. Since the first 17 units were announced in December 2019, the ELLIS initiative has gained significant momentum, adding another 13 units at top research institutions across Europe. To highlight this rapid progress toward securing the future of European AI research, each unit will be presenting its research focus. While an in-person launch was initially planned in spring at the Royal Society in London, the event was postponed as a result of the global COVID-19 pandemic and will now take place online. The event will be open to the general public via livestreaming. A detailed agenda and the YouTube link will be posted shortly.

Source: Official launch of ELLIS Units – 15th of September 2020! | European Lab for Learning & Intelligent Systems