Daily Archives: December 17, 2020

Secret Agents Implicated In The Poisoning Of Opposition Leader Alexey Navalny Identified Thanks To Russia’s Black Market In Everybody’s Personal Data

Posted on by

Back in August, the Russian opposition leader Alexei Navalny was poisoned on a flight to Moscow. Despite initial doubts — and the usual denials by the Russian government that Vladimir Putin was involved — everyone assumed it had been carried out by the country’s FSB, successor to the KGB. Remarkable work by the open source intelligence site Bellingcat, which Techdirt first wrote about in 2014, has now established beyond reasonable doubt that FSB agents were involved:

A joint investigation between Bellingcat and The Insider, in cooperation with Der Spiegel and CNN, has discovered voluminous telecom and travel data that implicates Russia’s Federal Security Service (FSB) in the poisoning of the prominent Russian opposition politician Alexey Navalny. Moreover, the August 2020 poisoning in the Siberian city of Tomsk appears to have happened after years of surveillance, which began in 2017 shortly after Navalny first announced his intention to run for president of Russia.

That’s hardly a surprise. Perhaps more interesting for Techdirt readers is the story of how Bellingcat pieced together the evidence implicating Russian agents. The starting point was finding passengers who booked similar flights to those that Navalny took as he moved around Russia, usually earlier ones to ensure they arrived in time but without making their shadowing too obvious. Once Bellingcat had found some names that kept cropping up too often to be a coincidence, the researchers were able to draw on a unique feature of the Russian online world:

Due to porous data protection measures in Russia, it only takes some creative Googling (or Yandexing) and a few hundred euros worth of cryptocurrency to be fed through an automated payment platform, not much different than Amazon or Lexis Nexis, to acquire telephone records with geolocation data, passenger manifests, and residential data. For the records contained within multi-gigabyte database files that are not already floating around the internet via torrent networks, there is a thriving black market to buy and sell data. The humans who manually fetch this data are often low-level employees at banks, telephone companies, and police departments. Often, these data merchants providing data to resellers or direct to customers are caught and face criminal charges. For other batches of records, there are automated services either within websites or through bots on the Telegram messaging service that entirely circumvent the necessity of a human conduit to provide sensitive personal data.

The process of using these leaked resources to establish the other agents involved in the surveillance and poisoning of Navalny, and their real identities, since they naturally used false names when booking planes and cars, is discussed in fascinating detail on the Bellingcat site. But the larger point here is that strong privacy protections are good not just for citizens, but for governments too. As the Bellingcat researchers put it:

While there are obvious and terrifying privacy implications from this data market, it is clear how this environment of petty corruption and loose government enforcement can be turned against Russia’s security service officers.

As well as providing Navalny with confirmation that the Russian government at the highest levels was probably behind his near-fatal poisoning, this latest Bellingcat analysis also achieves something else that is hugely important. It has given privacy advocates a really powerful argument for why governments — even the most retrogressive and oppressive — should be passing laws to protect the personal data of every citizen effectively. Because if they don’t, clever people like Bellingcat will be able to draw on the black market resources that inevitably spring up, to reveal lots of things those in power really don’t want exposed.

Source: Secret Agents Implicated In The Poisoning Of Opposition Leader Alexey Navalny Identified Thanks To Russia’s Black Market In Everybody’s Personal Data | Techdirt

Artificial intelligence classifies supernova explosions with unprecedented accuracy

Posted on by

Artificial intelligence is classifying real supernova explosions without the traditional use of spectra, thanks to a team of astronomers at the Center for Astrophysics | Harvard & Smithsonian. The complete data sets and resulting classifications are publicly available for open use.

By training a to categorize supernovae based on their visible characteristics, the astronomers were able to classify real data from the Pan-STARRS1 Medium Deep Survey for 2,315 supernovae with an accuracy rate of 82-percent without the use of spectra.

The astronomers developed a that classifies different types of supernovae based on their light curves, or how their brightness changes over time. “We have approximately 2,500 supernovae with light curves from the Pan-STARRS1 Medium Deep Survey, and of those, 500 supernovae with spectra that can be used for classification,” said Griffin Hosseinzadeh, a postdoctoral researcher at the CfA and lead author on the first of two papers published in The Astrophysical Journal. “We trained the classifier using those 500 supernovae to classify the remaining supernovae where we were not able to observe the spectrum.”

Edo Berger, an at the CfA explained that by asking the to answer specific questions, the results become increasingly more accurate. “The machine learning looks for a correlation with the original 500 spectroscopic labels. We ask it to compare the supernovae in different categories: color, rate of evolution, or brightness. By feeding it real existing knowledge, it leads to the highest accuracy, between 80- and 90-percent.”

Although this is not the first machine learning project for supernovae classification, it is the first time that astronomers have had access to a real data set large enough to train an artificial intelligence-based supernovae classifier, making it possible to create machine learning algorithms without the use of simulations.

[…]

The project has implications not only for archival data, but also for data that will be collected by future telescopes. The Vera C. Rubin Observatory is expected to go online in 2023, and will lead to the discovery of millions of new supernovae each year. This presents both opportunities and challenges for astrophysicists, where limited telescope time leads to limited spectral classifications.

“When the Rubin Observatory goes online it will increase our discovery rate of supernovae by 100-fold, but our spectroscopic resources will not increase,” said Ashley Villar, a Simons Junior Fellow at Columbia University and lead author on the second of the two papers, adding that while roughly 10,000 supernovae are currently discovered each year, scientists only take spectra of about 10-percent of those objects. “If this holds true, it means that only 0.1-percent of discovered by the Rubin Observatory each year will get a spectroscopic label. The remaining 99.9-percent of data will be unusable without methods like ours.”

Unlike past efforts, where data sets and classifications have been available to only a limited number of astronomers, the from the new algorithm will be made publicly available. The astronomers have created easy-to-use, accessible software, and also released all of the data from Pan-STARRS1 Medium Deep Survey along with the new classifications for use in other projects. Hosseinzadeh said, “It was really important to us that these projects be useful for the entire supernova community, not just for our group. There are so many projects that can be done with these data that we could never do them all ourselves.” Berger added, “These projects are open data for open science.”

Source: Artificial intelligence classifies supernova explosions with unprecedented accuracy

Are we working more than ever? – Our World in Data

Posted on by

Working hours for the average worker have decreased dramatically over the last 150 years.

Why should we care?

The evidence presented here comes from decades of work from economic historians and other researchers. Of course, the data is not perfect — as we explain in a forthcoming post, measuring working hours with accuracy is difficult, and surveys and historical records have limitations, so estimates of working hours spanning centuries necessarily come with a margin of error. But for any given country, the changes across time are much larger than the error margins at any point in time: The average worker in a rich country today really does work many fewer hours than the average worker 150 years ago.

As the economists Diane Coyle and Leonard Nakamura explain, the study of working hours is crucial not only to measure macroeconomic productivity, but also to measure economic well-being beyond economic output. A more holistic framework for measuring ‘progress’ needs to consider changes in how people are allowed to allocate their time over multiple activities, among which paid work is only one.

The available evidence shows that, rather than working more than ever, workers in many countries today work much less than in the past 150 years. There are huge inequalities within and across countries, but substantial progress has been made.

Source: Are we working more than ever? – Our World in Data

Hackers used SolarWinds’ dominance against it in sprawling spy campaign

Posted on by

There was not a database or an IT deployment model out there to which his Austin, Texas-based company did not provide some level of monitoring or management, he told analysts on the Oct. 27 call.

“We don’t think anyone else in the market is really even close in terms of the breadth of coverage we have,” he said. “We manage everyone’s network gear.”

Now that dominance has become a liability – an example of how the workhorse software that helps glue organizations together can turn toxic when it is subverted by sophisticated hackers.

On Monday, SolarWinds confirmed that Orion – its flagship network management software – had served as the unwitting conduit for a sprawling international cyberespionage operation. The hackers inserted malicious code into Orion software updates pushed out to nearly 18,000 customers.

And while the number of affected organizations is thought to be much more modest, the hackers have already parlayed their access into consequential breaches at the U.S. Treasury and Department of Commerce.

[…]

Cybersecurity experts are still struggling to understand the scope of the damage.

The malicious updates – sent between March and June, when America was hunkering down to weather the first wave of coronavirus infections – was “perfect timing for a perfect storm,” said Kim Peretti, who co-chairs Atlanta-based law firm Alston & Bird’s cybersecurity preparedness and response team.

Assessing the damage would be difficult, she said.

“We may not know the true impact for many months, if not more – if not ever,” she said.

The impact on SolarWinds was more immediate. U.S. officials ordered anyone running Orion to immediately disconnect it. The company’s stock has tumbled more than 23% from $23.50 on Friday – before Reuters broke the news of the breach – to $18.06 on Tuesday.

[…]

One of those offering claimed access over the Exploit forum in 2017 was known as “fxmsp” and is wanted by the FBI “for involvement in several high-profile incidents,” said Mark Arena, chief executive of cybercrime intelligence firm Intel471. Arena informed his company’s clients, which include U.S. law enforcement agencies.

Security researcher Vinoth Kumar told Reuters that, last year, he alerted the company that anyone could access SolarWinds’ update server by using the password “solarwinds123”

[…]

Source: Hackers used SolarWinds’ dominance against it in sprawling spy campaign | Reuters

SolarWinds’ shares drop 22 per cent. But what’s this? $286m in stock sales just before hack announced?

Posted on by

Two Silicon Valley VC firms, Silver Lake and Thoma Bravo, sold hundreds of millions of dollars in SolarWinds shares just days before the software biz emerged at the center of a massive hacking campaign.

Silver Lake and Thoma Bravo deny anything untoward.

The two firms owned 70 per cent of SolarWinds, which produces networking monitoring software that was backdoored by what is thought to be state-sponsored Russian spies. This tainted code was installed by thousands of SolarWinds customers including key departments of the US government that were subsequently hacked via the hidden remote access hole.

News of the role SolarWinds’ hijacked Orion software played in the hacking spree emerged at the weekend, and on Monday the developer’s share price plummeted more than 20 per cent. It is currently down 22 per cent.

However, around a week before, Silver Lake sold $158m of SolarWinds’ shares and Thoma Bravo sold $128m, according to the Washington Post. The two outfits have six seats on SolarWinds’ board, meaning they will have access to confidential internal information before it is made public. It’s not clear when SolarWinds became aware that its Orion build system had been compromised to include the aforementioned backdoor.

[…]

We asked FireEye when precisely it told SolarWinds its Orion updates had been trojanized, and a representative told us: “I’m not able to address the timeline of events.”

Timing

There is a plausible explanation for all this: the VCs shed their stock-holdings on the same day SolarWinds’ long-standing CEO resigned.

The software house announced in August that Kevin Thompson would leave the company though it didn’t give a date. Thompson reportedly quit on Monday, December 7 – news that was not made public – and a new CEO was formally announced two days later, on December 9, the day after FireEye went public on December 8 with details of the intrusion into its own systems.

[…]

Source: SolarWinds’ shares drop 22 per cent. But what’s this? $286m in stock sales just before hack announced? • The Register

Air Force Flies AI Copilot on U-2 Spy Plane in first. Very Star Wars referenced

Posted on by

For Star Wars fans, an X-Wing fighter isn’t complete without R2-D2. Whether you need to fire up converters, increase power, or fix a broken stabilizer, that trusty droid, full of lively beeps and squeaks, is the ultimate copilot.

Teaming artificial intelligence (AI) with pilots is no longer just a matter for science fiction or blockbuster movies. On Tuesday, December 15, the Air Force successfully flew an AI copilot on a U-2 spy plane in California: the first time AI has controlled a U.S. military system.

[…]

With call sign ARTUµ, we trained µZero—a world-leading computer program that dominates chess, Go, and even video games without prior knowledge of their rules—to operate a U-2 spy plane. Though lacking those lively beeps and squeaks, ARTUµ surpassed its motion picture namesake in one distinctive feature: it was the mission commander, the final decision authority on the human-machine team

[…]

Our demo flew a reconnaissance mission during a simulated missile strike at Beale Air Force Base on Tuesday. ARTUµ searched for enemy launchers while our pilot searched for threatening aircraft, both sharing the U-2’s radar. With no pilot override, ARTUµ made final calls on devoting the radar to missile hunting versus self-protection. Luke Skywalker certainly never took such orders from his X-Wing sidekick!

[…]

to trust AI, software design is key. Like a breaker box for code, the U-2 gave ARTUµ complete radar control while “switching off” access to other subsystems.

[…]

Like a digital Yoda, our small-but-mighty U-2 FedLab trained µZero’s gaming algorithms to operate a radar—reconstructing them to learn the good side of reconnaissance (enemies found) from the dark side (U-2s lost)—all while interacting with a pilot. Running over a million training simulations at their “digital Dagobah,” they had ARTUµ mission-ready in just over a month.

[…]

That autonomous future will happen eventually. But today’s AI can be easily fooled by adversary tactics, precisely what future warfare will throw at it.

us air force maj “vudu”, u 2 dragon lady pilot for the 9th reconnaissance wing, prepares to taxi after returning from a training sortie at beale air force, california, dec 15, 2020
U.S. Air Force Maj. “Vudu”, U-2 Dragon Lady pilot for the 9th Reconnaissance Wing, prepares to taxi after returning from a training sortie at Beale Air Force, California, Dec. 15, 2020.

A1C Luis A.Ruiz-Vazquez

Like board or video games, human pilots could only try outperformingDARPA’s AI while obeying the rules of the dogfighting simulation, rules the AI had algorithmically learned and mastered. The loss is a wakeup call for new digital trickery to outfox machine learning principles themselves. Even R2-D2 confused computer terminals with harmful power sockets!

[…]

Source: Air Force Flies AI Copilot on U-2 Spy Plane: Exclusive Details

Lunar Samples Land on Earth, Completing China’s Most Challenging ‘Space Adventure’

Posted on by

For the first time in 44 years, a spacecraft has brought lunar samples to Earth. With the Chang’e 5 mission complete, China now joins a very exclusive club, reinforcing the country’s role as a major player in space exploration.

China is now only the third country to collect samples from the Moon and bring them to Earth. The last time this happened was in 1976, when the Soviet Union did the same as part of its Luna 24 mission. NASA, during the course of its six Apollo missions, managed to collect and retrieve 842 pounds of lunar regolith and rocks.

[…]

The capsule was 3,100 miles (5,000 km) above the southern Atlantic Ocean when it separated from the orbiter. Prior to making the big plunge, the capsule bounced off the atmosphere while traveling at 7 miles per second (11.2 km/s), which it did to reduce speed, bringing it down to a more manageable 5 miles per second (7.9 km/s). A parachute allowed it to safely drift to the surface, where it was retrieved by ground crews. As Xinhua reports, the recovery team will briefly inspect the capsule, and then fly it to Beijing for further analysis.

Specifically, the sealed samples will be “transferred to specially designed laboratories for analyses, experiments and tests so scientists can determine the extraterrestrial substances’ composition, structure and traits, thus deepening their knowledge about the history of the moon and the solar system,” according to CNSA. “A certain proportion of the samples will also be on public display to enhance science awareness among the public, especially young generations, sources close to the mission have said.”

[…]

Using its drill, the Chang’e 5 lander pulled 18 ounces (500 grams) of material from beneath the surface, while its robotic arm collected upwards of 3.5 pounds (1.5 kg). The research team will have to confirm these quantities once the capsule is opened. After storing the samples in a vacuum chamber, the lander planted a Chinese flag on the surface, bid farewell to the Moon, and then re-joined the orbiter on December 3. It marked the “first time a Chinese spacecraft has blasted off from an extraterrestrial body,” according to CNSA.

[…]

Source: Lunar Samples Land on Earth, Completing China’s Most Challenging ‘Space Adventure’