The Linkielist

Linking ideas with the world

The Linkielist

Author Archives: Robin Edgar

About Robin Edgar

Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft

Cloud seeding in UAE: Artificial rain with drones, electricity

Posted on by

the UAE is now testing a new method that has drones fly into clouds to give them an electric shock to trigger rain production, the BBC and CNN have previously reported.

The project is getting renewed interest after the UAE’s National Center of Meteorology recently published a series of videos on Instagram of heavy rain in parts of the country. Water gushed past trees, and cars drove on rain-soaked roads. The videos were accompanied by radar images of clouds tagged “#cloudseeding.”

The Independent reports recent rain is part of the drone cloud seeding project.

[…]

The UAE oversaw more than 200 cloud seeding operations in the first half of 2020, successfully creating excess rainfall, the National News reported.

There have been successes in the U.S., as well as China, India, and Thailand. Long-term cloud seeding in the mountains of Nevada have increased snowpack by 10% or more each year, according to research published by the American Meteorological Society. A 10-year cloud seeding experiment in Wyoming resulted in 5-10% increases in snowpack, according to the State of Wyoming.

[…]

Source: Cloud seeding in UAE: Artificial rain with drones, electricity

How TikTok serves you content you love – simple, actually

Posted on by

A new video investigation by the Wall Street Journal finds the key to TikTok’s success in how the short-video sharing app monitors viewing times.

Why it matters: TikTok is known for the fiendishly effective way that it selects streams of videos tailored to each user’s taste. The algorithm behind this personalization is the company’s prize asset — and, like those that power Google and Facebook, it’s a secret.

How they did it: WSJ created a batch of individualized dummy accounts to throw at TikTok and test how it homed in on each fake persona’s traits.

What they found: TikTok responds most sensitively to a single signal — how long a user lingers over a video. It starts by showing new users very popular items, and sees which catch their eyes.

  • The TikTok algorithm works so well that some people think it’s reading their minds.

Yes, but: The investigation also found that TikTok — like YouTube — can lure users deep into rabbit holes of increasingly extreme content.

Source: How TikTok sees inside your brain – Axios

Google is starting to tell you how it found Search results

Posted on by

Alphabet’s (GOOGL.O) Google will now show its search engine users more information about why it found the results they are shown, the company said on Thursday.

It said people googling queries will now be able to click into details such as how their result matched certain search terms, in order to better decide if the information is relevant.

Google has been making changes to give users more context about the results its search engine provides. Earlier this year it introduced panels to tell users about the sources of the information they are seeing. It has also started warning users when a topic is rapidly evolving and search results might not be reliable.

Source: Google is starting to tell you how it found Search results | Reuters

Normal Touchscreens Can Also Detect Contaminated Water

Posted on by

We take for granted that the water coming out of the kitchen faucet is safe to drink, but that’s not always the case in other parts of the world. So researchers at the University of Cambridge are developing a new approach to testing for contaminants using a device that billions of people already use every day.

Modern capacitive touchscreens (the kind that can easily detect the subtlest finger taps instead of requiring users to press hard on the screen) feature an invisible grid of electrodes that carry a very small electrical charge. When your conductive finger touches the screen it changes the charge level at a specific location that the smartphone can detect based on grid coordinates. That’s a grossly simplified crash course on how the technology powering modern touchscreens work, but what’s important is their use of a changing electrical charge.

In a recently published paper, the University of Cambridge researchers explain how a stripped-down touchscreen—the same hardware used in smartphones and tablets—was found to be able to detect the electrically charged ions in an electrolyte. Different liquids were piped onto the surface of the touchscreen and using the standard software that’s used to test these screens, the researchers were able to differentiate the samples based on how “the fluids all interact with the screen’s electric fields differently depending on the concentration of ions and their charge.”

The touchscreens used in mobile devices are tuned and calibrated to best respond to interactions with fingers, but the researchers believe that by altering the design of the electrodes, even in just a small area of the screen (a custom app could indicate exactly where a sample needs to be placed) the sensitivity could be optimized for detecting contaminants in samples like soil and water.

[…]

Source: Normal Touchscreens Can Also Detect Contaminated Water

Saudi Aramco data breach sees 1 TB stolen data for sale

Posted on by

[…]

The threat actors are offering Saudi Aramco’s data starting at a negotiable price of $5 million.

Saudi Aramco has pinned this data incident on third-party contractors and tells BleepingComputer that the incident had no impact on Aramco’s operations.

“Zero-day exploitation” used to breach network

This month, a threat actor group known as ZeroX is offering 1 TB of proprietary data belonging to Saudi Aramco for sale.

ZeroX claims the data was stolen by hacking Aramco’s “network and its servers,” sometime in 2020.

As such, the files in the dump are as recent as 2020, with some dating back to 1993, according to the group.

When asked by BleepingComputer as to what method was used to gain access to the systems, the group did not explicitly spell out the vulnerability but instead called it “zero-day exploitation.”

To create traction among prospective buyers, a small sample set of Aramco’s blueprints and proprietary documents with redacted PII were first posted on a data breach marketplace forum in June this year:

forum post saudi aramco
Forum post with a link to the dark web leak site (BleepingComputer)

However, at the time of initial posting, the .onion leak site had a countdown timer set to 662 hours, or about 28 days, after which the sale and negotiations would begin.

ZeroX told BleepingComputer that the choice of “662 hours,” was intentional and a “puzzle” for Saudi Aramco to solve, but the exact reason behind the choice remains unclear:

ticking timer saudi aramco
Threat actors announced data would be up for sale after 662 hours (BleepingComputer)

The group says that the 1 TB dump includes documents pertaining to Saudi Aramco’s refineries located in multiple Saudi Arabian cities, including Yanbu, Jazan, Jeddah, Ras Tanura, Riyadh, and Dhahran.

And, that some of this data includes:

  1. Full information on 14,254 employees: name, photo, passport copy, email, phone number, residence permit (Iqama card) number, job title, ID numbers, family information, etc.
  2. Project specification for systems related to/including electrical/power, architectural, engineering, civil, construction management, environmental, machinery, vessels, telecom, etc.
  3. Internal analysis reports, agreements, letters, pricing sheets, etc.
  4. Network layout mapping out the IP addresses, Scada points, Wi-Fi access points, IP cameras, and IoT devices.
  5. Location map and precise coordinates.
  6. List of Aramco’s clients, along with invoices and contracts.

[…]

Source: Saudi Aramco data breach sees 1 TB stolen data for sale

FAA changes definition of “Astronaut” on day Bezos flies to space

Posted on by

New Federal Aviation Administration (FAA) rules say astronaut hopefuls must be part of the flight crew and make contributions to space flight safety.

That means Jeff Bezos and Sir Richard Branson may not yet be astronauts in the eyes of the US government.

These are the first changes since the FAA wings programme began in 2004.

The Commercial Astronaut Wings programme updates were announced on Tuesday – the same day that Amazon’s Mr Bezos flew aboard a Blue Origin rocket to the edge of space.

To qualify as commercial astronauts, space-goers must travel 50 miles (80km) above the Earth’s surface, which both Mr Bezos and Mr Branson accomplished.

But altitude aside, the agency says would-be astronauts must have also “demonstrated activities during flight that were essential to public safety, or contributed to human space flight safety”.

What exactly counts as such is determined by FAA officials.

In a statement, the FAA said that these changes brought the wings scheme more in line with its role to protect public safety during commercial space flights.

On 11 July, Sir Richard flew on-board Virgin Galactic’s SpaceShipTwo to the edge of space as a test before allowing customers aboard next year.

Mr Bezos and the three other crew members who flew on Blue Origin’s spacecraft may have less claim to the coveted title. Ahead of the launch, Blue Origin CEO Bob Smith said that “there’s really nothing for a crew member to do” on the autonomous vehicle.

[…]

Source: Jeff Bezos and Sir Richard Branson may not be astronauts, US says – BBC News

This looks childish to me – they went to space, they are definitely pioneers. And it’s not like there are going to be very many of them.

You can find the order here (pdf) and see that they added 5 c

Note FAA Part 460 human spaceflight requirements is also interesting in this discussion regarding human space flight participants

Want unemployment benefits in the US? You may have to submit to facial recognition with a little known company ID.me

Posted on by

[…]

Watkins, a self-described privacy advocate whose mother and grandmother shredded personal information when he was growing up, said he is unwilling to complete the identity verification process his state now requires, which includes having his face analyzed by a little-known company called ID.me.
He sent a sharply worded letter to his state’s unemployment agency criticizing ID.me’s service, saying he would not take part in it given his privacy concerns. In response, he received an automated note from the agency: “If you do not verify your identity soon, your claim will be disqualified and no further benefit payments will be issued.” (A spokesperson for the Colorado Department of Labor and Employment said the agency only allows manual identity verification “as a last resort” for unemployment claimants who are under 18 — because ID.me doesn’t work with minors — and those who have “technological barriers.”)
[…]
Watkins is one of millions across the United States who are being instructed to use ID.me, along with its facial recognition software, to get their unemployment benefits. A rapidly growing number of US states, including Colorado, California and New York, turned to ID.me in hopes of cutting down on a surge of fraudulent claims for state and federal benefits that cropped up during the pandemic alongside a tidal wave of authentic unemployment claims.
As of this month, 27 states’ unemployment agencies had entered contracts with ID.me, according to the company, with 25 of them already using its technology. ID.me said it is in talks with seven more. ID.me also verifies user identities for numerous federal agencies, such as the Department of Veterans Affairs, Social Security Administration and IRS.
[…]
The face-matching technology ID.me employs comes from a San Francisco-based startup called Paravision
[…]
Facial recognition technology, in general, is contentious. Civil rights groups frequently oppose it for privacy issues and other potential dangers. For instance, it has been shown to be less accurate when identifying people of color, and several Black men, at least, have been wrongfully arrested due to the use of facial recognition. It’s barely regulated — there are no federal laws governing its use, though some states and local governments have passed their own rules to limit or prohibit its use. Despite these concerns, the technology has been used across the US federal government, as a June report from the Government Accountability Office showed.
Several ID.me users told CNN Business about problems they had verifying their identities with the company, which ranged from the facial recognition technology failing to recognize their face to waiting for hours to reach a human for a video chat after encountering problems with the technology. A number of people who claim to have had issues with ID.me have taken to social media to beg the company for help with verification, express their own concerns about its face-data collection or simply rant, often in response to ID.me’s own posts on Twitter. And some like Watkins are simply frustrated not to have a say in the matter.
[…]
ID.me said it does not sell user data — which includes biometric and related information such as selfies people upload, data related to facial analyses, and recordings of video chats users participate in with ID.me — but it does keep it. Biometric data, like the facial geometry produced from a user’s selfie, may be kept for years after a user closes their account.
Hall said ID.me keeps this information only for auditing purposes, particularly for government agencies in cases of fraud or identity theft. Users, according to its privacy policy, can ask ID.me to delete personally identifiable information it has gathered from them, but the company “may keep track of certain information if required by law” and may not be able to “completely delete” all user information since it “periodically” backs up such data. (As Ryan Calo, codirector of the University of Washington’s Tech Policy Lab, put it, this data retention policy is “pretty standard,” but, he added, that “doesn’t make it great!”)
[…]
Beyond state unemployment agencies, ID.me is also becoming more widespread among federal agencies such as the IRS, which in June began using ID.me to verify identities of people who want to use its Child Tax Credit Update Portal.
“We’re verifying more than 1% of the American adult population each quarter, and that’s starting to compress more to like 45 or 50 days,” Hall said. The company has more than 50 million users, he said, and signs up more than 230,000 new ones each day.
[…]
Vasquez said that, when a state chooses to use a tool it knows has a tendency to not work as well on some people, she thinks that “starts to invade something more than privacy and get at questions of what society values and how it values different members’ work and what our society believes about dignity.”
Hall claims ID.me’s facial recognition software is over 99% accurate and said an internal test conducted on hundreds of faces of people who had failed to pass the facial recognition check for logging in to the social security website did not show statistically significant evidence of racial bias.

In cases where users are able to opt out of the ID.me process, it can still be arduous and time-consuming: California’s Employment Development Department website, for instance, instructs people who can’t verify their identity via ID.me when applying online to file their claim over the phone or by mail or fax.
Most people aren’t doing this, however; it’s time consuming to deal with snail mail or wade through EDD’s phone system, and many people don’t have access to a fax machine. An EDD spokesperson said that such manual identity verification, which used to be a “significant” part of EDD’s backlog, now accounts for “virtually none” of it.

Long wait times for some

Eighty-five percent of people are able to verify their identity with ID.me immediately for state workforce agencies without needing to go through a video chat, Hall said.
What happens to the remaining 15% worries Akselrod, of the ACLU, since users must have access to a device with a camera — like a smartphone or computer — as well as decent internet access. According to recent Pew research, 15% of American adults surveyed don’t have a smartphone and 23% don’t have home broadband.
“These technologies may be inaccessible for precisely the people for whom access to unemployment insurance is the most critical,” Akselrod said.
[…]

Source: Want your unemployment benefits? You may have to submit to facial recognition first – CNN

What this excellent article doesn’t go into is what a terrible idea having huge centralised databases is, especially one filled with biometric information (which you can’t change) of an entire population

Litre of printer ink? That’ll be £2,410 please. One of the most expensive consumer liquids on the planet – 3rd party ink much cheaper, blocked by manufacturers…

Posted on by

A Which? investigation has found that printer ink is one of the most expensive liquids consumers can purchase when bought from the big inkjet printer manufacturers – and people could save a small fortune by opting for third-party alternatives. 

Which? research has uncovered that inkjet printer ink bought from the manufacturer could be up to 286 per cent more expensive than third-party ink and could easily lead to consumers paying hundreds more than they need to over a five-year period.

During the pandemic, printer ink has become an essential as households across the country have been forced to rely on their home printer for work and homeschooling.

However, many are unaware that they are paying over the odds by buying printer ink from their printer’s manufacturer – and the costs quickly stack up.

The consumer champion surveyed more than 10,000 consumers who own inkjet printers to find out about their experiences with original-branded and third-party inks.

Just over half (56%) of inkjet printer owners said they stick with using potentially pricey original-branded cartridges every time.

Which? assessed the cost of original-branded and third-party ink for the Epson WorkForce WF-7210DTW printer. A multipack of colour ink (cyan, magenta, yellow) costs £75.49 from Epson. This works out at an astonishing £2,410 a litre – or £1,369 for a pint.

The Epson printer also requires a separate Epson black cartridge (£31.99), bringing the total cost of a single original-branded ink refill to £107.48.

On the other hand, restocking with a full set of black and colour inks from the highest-rated third-party supplier in the consumer champion’s survey would cost just £10.99.

[…]

It is not just Epson’s ink prices that are sky high, either. Brother, Canon and HP also charge huge prices for cartridges.

A multipack of ink for the Brother MFCJ5730DW cost £98.39 compared to just £29.21 from the cheapest third-party alternative – a price difference of £1,037 over five years assuming the full set of cartridges were replaced three times each year.

Similarly, a full set of original-branded, high-yield cartridges for a Canon Pixma MX475 costs £80.98 compared to just £12.95 from the cheapest third-party ink supplier- a difference of £68.13 for each purchase, or £1,021 over five years assuming the full set of cartridges were replaced three times each year.

The price difference between own-brand and one of the third-party inks Which? looked at for the HP Officejet 6950 would leave consumers £705 out of pocket over a five-year period assuming the full set of cartridges were replaced three times a year. For a single refill, own-branded inks for the HP 903XL total £91.96 for both black and colour cartridges and just £44.99 from a third-party retailer.

Some HP printers use a system called ‘dynamic security’ which recognises cartridges that use non-HP chips and stops them from working. Over the course of its testing programme, Which? has found 28 HP printers that use this technology.

Other manufacturers use similar tactics such as promoting the use of ‘approved’, ‘original’ or ‘guaranteed’ cartridges on their websites and in instruction manuals. For example, the Epson printer Which? tested flashed up a ‘non-genuine ink detected’ alert on its LCD screen whenever we inserted third-party cartridges.

It is highly concerning that manufacturers are discouraging consumers from using third-party inks – and that some HP printers are actively blocking customers from exerting their right to choose the cheapest ink.

Because of these practices, consumers are understandably confused and concerned about using non-manufacturer inks. Two in five (39%) of the people we surveyed who do not use third-party cartridges said they avoided them because they thought they would not work in their printer.

[…]

“Printer ink shouldn’t cost more than a bottle of high-end champagne or Chanel No5. We’ve found that there are lots of third-party products that are outperforming their branded counterparts at a fraction of the cost.

“Choosing third-party ink should be a personal choice and not dictated by the make of your printer. Which? will continue to make consumers aware of the staggering cost differences between own-brand and third-party inks and give people the information they need to buy the best ink for their printer.”

[…]

Source: Pint of printer ink? That’ll be £1,300 please: Which? reveals the eye-watering cost of branded printer ink – Which? Press Office

So basically that’s a practical monopoly on printer ink then. This is a saga that’s been going on for decades but the price increase recently has been insane!

Commission starts legal action against 23 EU countries over copyright rules they won’t implement that favour big tech over small business and forced censorship

Posted on by

EU countries may be taken to court for their tardiness in enacting landmark EU copyright rules into national law, the European Commission said on Monday as it asked the group to explain the delays.

The copyright rules, adopted two years ago, aim to ensure a level playing field between the European Union’s trillion-euro creative industries and online platforms such as Google, owned by Alphabet (GOOGL.O), and Facebook (FB.O).

Note: level if you are one of the huge tech giants, not so much if you’re a small business or startup – in fact, this makes it very very difficult for startups to enter some sectors at all.

Some of Europe’s artists and broadcasters, however, are still not happy, in particular over the interpretation of a key provision, Article 17, which is intended to force sharing platforms such as YouTube and Instagram to filter copyrighted content.

[…]

The EU executive also said it had asked France, Spain and 19 other EU countries to explain why they missed a June 7 deadline to enact separate copyright rules for online transmission of radio and TV programmes.

The other countries are Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic, Estonia, Greece, Finland, Ireland, Italy, Lithuania, Luxembourg, Latvia, Poland, Portugal, Romania, Slovenia and Slovakia.

Source: Commission starts legal action against 23 EU countries over copyright rules | Reuters

For more information see:
Article 11, Article 13: EU’s Dangerous Copyright Bill Advances: massive censorship and upload filters (which are impossible) and huge taxes for links.

European Commission Betrays Internet Users By Cravenly Introducing Huge Loophole For Copyright Companies In Upload Filter Guidance

EU Copyright Companies Want Legal Memes Blocked Too Because They Now Admit Upload Filters Are ‘Practically Unworkable’

Wow, the EU actually voted to break the internet for big business copyright gain

Anyway, well done those 23 countries for fighting for freedom of expression and going against big tech and non-democratic authoritarianism in Europe.

You, too, can be a Windows domain controller and do whatever you like, with this trick which requires no authentication at all

Posted on by

The security shortcoming can be exploited using the wonderfully named PetitPotam technique. It involves abusing Redmond’s MS-EFSRPC (Encrypting File System Remote Protocol) to take over a corporate Windows network. It seems ideal for penetration testers, and miscreants who have gained a foothold in a Windows network.

Specifically, security researcher Gilles Lionel found it was possible to use MS-EFSRPC force a device, including Windows domain controllers, to authenticate with a remote attacker-controlled NTLM relay. The end result is an authentication certificate that grants the attacker domain-controller-level access to services, allowing them to commandeer the entire domain.

“PetitPotam takes advantage of servers,” said Microsoft, “where the Active Directory Certificate Services (AD CS) is not configured with protections for NTLM Relay Attacks.”

Lionel published a proof-of-concept exploit, available from the above link, and Microsoft responded by burying the bad news in an advisory released on Friday. The Windows giant described PetitPotam as “a classic NTLM relay attack,” and noted that such attacks have a long, long history.

Which does make us wonder: why does the problem linger on?

Microsoft’s preferred mitigation is for administrators to simply disable NTLM authentication, although doing so could break any number of services and applications that depend on it. A variety of alternatives are also on offer, “listed in order of more secure to less secure.”

Great.

[…]

Windows Server 2008 and up are affected, according to Microsoft’s advisory, and, other than suggesting customers take NTLM mitigations, a fix for MS-EFSRPC does not appear to be incoming.

[…]

Source: You, too, can be a Windows domain controller and do whatever you like, with this one weird WONTFIX trick • The Register

Windows 11 reopens browser wars by including Teams

Posted on by

You can spot a veteran of the Browser Wars a mile off. These fearsome conflicts, fought across the desktops of the world not 20 years ago, left deep scars.

[…]

By Gen XP, it was all over and the internet desktop was under total Empire control. Then came the Rebel Alliance of Chrome and Firefox, and in a few short years we were liberated.

Like every peacetime generation, those since have forgotten the conflict. They assume that freedom is here by right. The desktop is an antique battleground, as obsolete as warships in the Baltic. We are mobile, we are cloud, all places where access lock-in is baked out.

[…]

the new superweapon you’ll get for free is Microsoft Teams, which is now super-snugly installed on the Windows 11 desktop and just a click away from easy-peasy sign-on to the Empire. Everything else that MS really wants you to use – OneDrive, Office 365, those blasted widgets – you can do away with. Teams? Ah, not so much. Teams is there, ostensibly, to talk to other people, and if they’re on Teams you have to use it too. Documents, spreadsheets, files of all sorts – a OneDrive, Office 365 user can swap stuff with your Google Drive and apps.

[…]

What makes the conferencing space as tempting a resource as Mesopotamian oil fields to the Great Powers? It’s the same as the Browser Wars – those who control the conversation between humans and the digital control the world. Every file you share, every connection made, every link swapped, is treasure to be collected. It’s all funnelled together automatically. Watch as in-Teams access channels spring up across businesses for helplines, content accumulators, special offer conduits, payment systems.

The long trail of interactions between conferencing system users, each other, and their resources, produces a rich seam of ready-to-mine behaviour that, because it is so task-focused, is massively monetisable.

[…]

This is a terrible prospect, not just for Slack but for everyone. IE6’s reign was marked by stagnation; all companies see spending development resources for a monopoly service as waste. It had its slave army toiling in the factory, they should be grateful for what they get. And if you think Teams is less fun than tickling the tonsils of a decomposing turbot, wait until Microsoft has settled in to enjoy its new monopoly.

What saved the world were internet open standards – Microsoft couldn’t manage that lock-in, hard as it tried. This time, the standards don’t exist or where they do, they’re not used by the big players, who control the whole chain end-to-end. Third-party endpoints are not allowed. So it doesn’t matter if you’re on a non-MS desktop or a mobile device, you’ll have to use the Microsoft app.

[…]

 

Source: Windows 11 comes bearing THAAS, Trojan Horse as a service • The Register

Russia’s Checkmate Light Tactical Fighter Is Officially Unveiled (Updated)

Posted on by

The wraps have finally, officially, come off the mock-up of Russia’s new light fighter, the Sukhoi Checkmate, also known as the Light Tactical Aircraft, or LTS in Russian, with a formal unveiling at the opening of the MAKS international air show at Zhukovsky, outside Moscow, today. Observers who had been given a succession of tantalizing, and mainly unofficial, glimpses of the new jet over the last few days now have the chance to examine the aircraft from all aspects. The actual ceremony ended up being delayed by several hours, perhaps to accommodate the visit by Russian President Vladimir Putin, who was shown inspecting the mock-up after opening the show.

The end result is very much in keeping with the observations that The War Zone has been gathering based on initial, leaked, imagery, much of it that came when the aircraft was still literally under wraps. The United Aircraft Corporation and Rostec, for their part, which are responsible for the Sukhoi design bureau, seemed to actively encourage this process, harnessing it as something of a PR coup.

ROSTEC

The unveiling of the Sukhoi Checkmate, or LTS, earlier today.

You can read our full assessment of the jet here, based on its first fleeting appearance “in the flesh,” as well as our analysis of the single-engine concept and the potential sales prospects of such an aircraft.

The aircraft’s intake has been one of its most debated features over the last week. New imagery shows the angular ventral inlet, which wraps around the lower nose section, to share features with a diverterless supersonic inlet (DSI) design, but exactly how mature Russia’s take on this concept is, remains to be seen.

In terms of new developments, we now know that, as suspected, there is a larger main weapons bay within the lower fuselage. This is designed to accommodate three examples of the RVV-BD air-to-air missile, the export version of the very-long-range R-37M, or AA-13 Axehead, a weapon that you can read more about here. Furthermore, we now have confirmation that the long, conformal weapons bays located forward of the main landing gear are indeed intended to house smaller air-to-air missiles, for close-range defense.

Performance-wise, the manufacturer is apparently claiming a short takeoff and landing capability (rather than a full short takeoff and vertical landing capability, as in the F-35B), a range of up to 1,860 miles, combat radius of 930 miles, and a payload in excess of 15,000 pounds.

The airframe is said to be stressed to 8g, which is only slightly less than the 9g at which the airframe of the Su-35S Flanker heavyweight fighter is rated. This may reflect the fact the design focuses more on low-observable characteristics and range than maneuverability, although the final result is likely closer to the Su-57, concentrating on reducing the signature from the frontal hemisphere, rather than all-aspect stealth.

[…]

The projected timeline for the LTS includes the first flight of a technology demonstrator in 2023, followed by construction of pre-series prototypes in 2024-25, and delivery of initial production examples potentially as early as 2026-27.

[…]

The planned powerplant is not confirmed, but it is described as an engine in the 14.5 to 16-ton thrust class engine, utilizing off-the-shelf components. This rating would put it at the upper end of the output of the AL-41F1 turbofan now used in the Su-57, or at the lower end of the all-new Izdeliye 30, which is currently still in development.

[…]

In addition to the three long-range and two short-range AAMs that can be carried in the internal bays, a wide variety of air-to-ground ordnance is being offered as well. Unusually for a fifth-generation design, as well as different precision-guided munitions, the unveiling showed that the jet will also be able to carry various unguided rockets and dumb bombs. There will also be provision for an internal cannon, likely a 30mm weapon as on the Su-57.

YOUTUBE SCREENCAP/ROSTEC

YOUTUBE SCREENCAP/ROSTEC

The active electronically scanned array (AESA) radar, of undisclosed type, is intended to engage six targets simultaneously while operating in a hostile electronic countermeasures environment. The radar will be part of one of an all-round sensor suite, including passive devices, likely similar to those found on the Su-57.

[…]

As of today, the program is being funded internally, with investors being sought to launch production for export. Interestingly, officials said they hoped that Russia might opt for the unmanned variant, rather than the manned fighter.

Source: Russia’s Checkmate Light Tactical Fighter Is Officially Unveiled (Updated)

F-117 flying more often as Aggressors

Posted on by

More and more as of late, some of the F-117 Nighthawks long retired from active duty are now enjoying their secretive second life as developmental and red air aggressor platforms. The Air Force Test Center pilots that fly the Air Force Materiel Command-owned jets out of the shadowy Tonopah Test Range Airport (TTR) have been steadily expanding their operations in recent months with the type operating from other installations, refueling from standard tankers, and even frequenting Nellis AFB, home of the USAF’s aggressors. We have reported extensively on this unique role for the F-117s, including their first known appearance at the giant Red Flag air warfare exercises last August. Now we have new images that show “Black Jets” in action, roaring low over the Nevada desert during a Red Flag sortie.

[…]

As for the F-117s, part of their duties includes serving as low-observable aggressors, which has become a necessity in a world where stealthy aircraft and cruise missiles are proliferating. They also work in a developmental role for low-observable and counter-low observable technologies. For Red Flag, they are part of the bad guys’ team. While flying missions during broad daylight may not have been on the docket during their operational career, these jets provide a target unlike anything fleet aircrews have encountered before. One can imagine how their elusive radar signature can only become harder to detect while flying amongst the ground clutter.

[…]

Also of note, the F-117s have their retractable antennas extended, which does impact their low-observable cloak from certain angles. This could be a necessity for taking part in the exercise or it could be because the aircraft are leaving the training area and can communicate more freely as they are no longer valid targets. It’s also worth noting that radar reflectors are not mounted on the aircraft, so they are in a low-observable configuration.

[…]

Source: F-117 Aggressors Photographed Low Over The Nevada Desert During Red Flag War Games

Japanese Police Arrest Man For Selling Modded Save Files For Single-Player Nintendo Game

Posted on by

Japan’s onerous Unfair Competition Prevention Law has created what looks from here like a massive overreach on the criminalization of copyright laws. Past examples include Japanese journalism executives being arrested over a book that tells people how to back up their own DVDs, along with more high-profile cases in which arrests occurred over the selling of cheats or exploits in online multiplayer video games. While these too seem like an overreach of copyright law, or at least an over-criminalization of relatively minor business problems facing electronic media companies, they are nothing compared with the idea that a person could be arrested and face jail time for the crime of selling modded save-game files for single player game like The Legend of Zelda: Breath of the Wild.

A 27-year old man in Japan was arrested after he was caught attempting to sell modified Zelda: Breath of The Wild save files.

As reported by the Broadcasting System of Niigata (and spotted by Dextro) Ichimin Sho was arrested on July 8 after he posted about modified save files for the Nintendo Switch version of Breath of The Wild. He posted his services onto an unspecified auction site, describing it as “the strongest software.” He would provide modded save files that would give the player improved in-game abilities and also items that were difficult to obtain were made available as requested by the customer. In his original listing, he reportedly was charging folks 3,500 yen (around $31 USD) for his service.

Upon arrest, Sho admitted that he’s made something like $90k over 18 months selling modded saves and software. Whatever his other ventures, the fact remains that Sho was arrested for selling modded saves for this one Zelda game to the public. And this game is fully a single-player game. In other words, there is not aspect of this arrest that involved staving off cheating in online multiplayer games, which is one of the concerns that has typically led to these arrests in Japan within the gaming industry.

[…]

Source: Japanese Police Arrest Man For Selling Modded Save Files For Single-Player Nintendo Game | Techdirt

Google fined €500m for not paying French publishers after copying their texts on search results

Posted on by

Google was fined €500m ($590m, £425m) by the French Competition Authority on Tuesday for failing to negotiate fees with news publishers for using their content.

In April last year, the regulator ruled the American search giant had to compensate French publishers for using snippets of their articles in Google News, citing European antitrust rules and copyright law. Google was given three months to figure out how much to pay publishers. More than a year later, no licensing deals have been struck, and Google did not “enter into negotiations in good faith,” we’re told. For one thing, it just stopped including snippets from French publishers in all Google services.

[…]

Now, the FCA has sanctioned the Chocolate Factory €500m and has given it two months to negotiate with French publishers. If the web giant continues to dilly-dally after this point, it’ll be fined up to €900,000 (over $1m or around £767,000) a day until it complies with the FCA’s demands.

[…]

Source: Google fined €500m for not paying French publishers after using their words on web • The Register

Gmail to show your company logo in inbox if DMARC and BIMI authenticated

Posted on by

After first announcing Gmail’s Brand Indicators for Message Identification (BIMI) pilot last year, today we’re announcing that over the coming weeks we’re rolling out Gmail’s general support of BIMI, an industry standard that aims to drive adoption of strong sender authentication for the entire email ecosystem

[…]

BIMI enables organizations that authenticate their emails using Domain-based Message Authentication, Reporting, and Conformance (DMARC)—a standard for providing strong sender authentication that allows security systems to perform better filtering, separating legitimate messages from potentially spoofed ones—to validate ownership of their logos and securely transmit them to Google. BIMI is designed to be easy: for organizations with DMARC in place, validated logos display on authenticated emails from their domains and subdomains.

Here’s how it works: Organizations who authenticate their emails using Sender Policy Framework (SPF) or Domain Keys Identified Mail (DKIM) and deploy DMARC can provide their validated trademarked logos to Google via a Verified Mark Certificate (VMC). BIMI leverages Mark Verifying Authorities, like Certification Authorities, to verify logo ownership and provide proof of verification in a VMC. Once these authenticated emails pass our other anti-abuse checks, Gmail will start displaying the logo in the existing avatar slot.

[…]

For logo validation, BIMI is starting by supporting the validation of trademarked logos, since they are a common target of impersonation. Today, Entrust and DigiCert support BIMI as Certification Authorities, and in the future the BIMI working group expects this list of supporting validation authorities to expand further. To learn more about BIMI and see the latest news, visit the working group’s website.

To take advantage of BIMI, ensure that your organization has adopted DMARC, and that you have validated your logo with a VMC

[…]

Source: Bringing BIMI to Gmail in Google Workspace | Google Cloud Blog

Inside the Industry That Unmasks People at Scale: yup your mobile advertising ID isn’t anonymous either

Posted on by

Tech companies have repeatedly reassured the public that trackers used to follow smartphone users through apps are anonymous or at least pseudonymous, not directly identifying the person using the phone. But what they don’t mention is that an entire overlooked industry exists to purposefully and explicitly shatter that anonymity.

They do this by linking mobile advertising IDs (MAIDs) collected by apps to a person’s full name, physical address, and other personal identifiable information (PII). Motherboard confirmed this by posing as a potential customer to a company that offers linking MAIDs to PII.

“If shady data brokers are selling this information, it makes a mockery of advertisers’ claims that the truckloads of data about Americans that they collect and sell is anonymous,” Senator Ron Wyden told Motherboard in a statement.

“We have one of the largest repositories of current, fresh MAIDS<>PII in the USA,” Brad Mack, CEO of data broker BIGDBM told us when we asked about the capabilities of the product while posing as a customer. “All BIGDBM USA data assets are connected to each other,” Mack added, explaining that MAIDs are linked to full name, physical address, and their phone, email address, and IP address if available. The dataset also includes other information, “too numerous to list here,” Mack wrote.

A MAID is a unique identifier a phone’s operating system gives to its users’ individual device. For Apple, that is the IDFA, which Apple has recently moved to largely phase out. For Google, that is the AAID, or Android Advertising ID. Apps often grab a user’s MAID and provide that to a host of third parties. In one leaked dataset from a location tracking firm called Predicio previously obtained by Motherboard, the data included users of a Muslim prayer app’s precise locations. That data was somewhat pseudonymized, because it didn’t contain the specific users’ name, but it did contain their MAID. Because of firms like BIGDBM, another company that buys the sort of data Predicio had could take that or similar data and attempt to unmask the people in the dataset simply by paying a fee.

[…]

“This real-world research proves that the current ad tech bid stream, which reveals mobile IDs within them, is a pseudonymous data flow, and therefore not-compliant with GDPR,” Edwards told Motherboard in an online chat.

“It’s an anonymous identifier, but has been used extensively to report on user behaviour and enable marketing techniques like remarketing,” a post on the website of the Internet Advertising Bureau, a trade group for the ad tech industry, reads, referring to MAIDs.

In April Apple launched iOS 14.5, which introduced sweeping changes to how apps can track phone users by making each app explicitly ask for permission to track them. That move has resulted in a dramatic dip in the amount of data available to third parties, with just 4 percent of U.S. users opting-in. Google said it plans to implement a similar opt-in measure broadly across the Android ecosystem in early 2022.

[…]

Source: Inside the Industry That Unmasks People at Scale

Fifteen Percent Of U.S. Air Force F-35s Don’t Have Working Engines

Posted on by

A total of 46 F-35 stealth fighters are currently without functioning engines due to an ongoing problem with the heat-protective coating on their turbine rotor blades becoming worn out faster than was expected. With the engine maintenance center now facing a backlog on repair work, frontline F-35 fleets have been hit, with the U.S. Air Force’s fleet facing the most significant availability shortfall.

At a hearing before the U.S. House Committee on Armed Services’ Subcommittee on Tactical Air and Land Forces yesterday, Air Force Lieutenant General Eric T. Fick, director of the F-35 Joint Program Office, confirmed that 41 U.S. Air Force F-35s, as well as one Joint Strike Fighter belonging to the U.S. Marine Corps, another from the U.S. Navy, and three that had been delivered to foreign air forces were grounded without engines. Those figures were as of July 8.

U.S. Air Force/Staff Sgt. Staci Miller

An F-35A assigned to the 61st Fighter Squadron at Luke Air Force Base, Arizona, takes off as the sun sets, during corrosion testing of the F135 engine.

The exact breakdown of how many of each F-35 variant lack engines is unclear. The Air Force and the Navy only fly the F-35A and F-35C, respectively, but the Marines operate both F-35Bs and F-35Cs and various models are in service with other military forces around the world.

[…]

It is worth remembering too, of course, that the F-35 enterprise almost had an alternative engine to the F135. However, the General Electric/Rolls-Royce F136 turbofan was deemed to be an unnecessary expense and was eventually canceled in 2011, when the project was over 80 percent complete. With the benefit of hindsight, it can well be imagined that an alternative source of engines would be very valuable right now.

[…]

Source: Fifteen Percent Of U.S. Air Force F-35s Don’t Have Working Engines

Using satellites to track tiny plastic particles and their concentration in the ocean

Posted on by

Most data on microplastic concentrations comes from commercial and research ships that tow plankton nets—long, cone-shaped nets with very fine mesh designed for collecting marine microorganisms.

But net trawling can sample only small areas and may be underestimating true plastic concentrations. Except in the North Atlantic and North Pacific gyres—large zones where rotate, collecting floating debris—scientists have done very little sampling for microplastics. And there is scant information about how these particles’ concentrations vary over time.

To address these questions, University of Michigan research assistant Madeline Evans and I developed a new way to detect microplastic concentrations from space using NASA’s Cyclone Global Navigation Satellite System. CYGNSS is a network of eight microsatellites that was launched in 2016 to help scientists predict hurricanes by analyzing tropical wind speeds. They measure how wind roughens the ocean’s surface—an indicator that we realized could also be used to detect and track large quantities of microplastics.

This animation shows how satellite data can be used to track where microplastics enter the water, how they move and where they tend to collect.

Looking for smooth zones

[…]

The radars on CYGNSS satellites are designed to measure winds over the ocean indirectly by measuring how they roughen the water’s surface. We knew that when there is a lot of material floating in the water, winds don’t roughen it as much. So we tried computing how much smoother measurements indicated the surface was than it should have been if winds of the same speed were blowing across clear water.

This anomaly—the “missing roughness”—turns out to be highly correlated with the concentration of microplastics near the ocean surface. Put another way, areas where surface waters appear to be unusually smooth frequently contain high concentrations of microplastics. The smoothness could be caused by the microplastics themselves, or possibly by something else that’s associated with them.

By combining all the measurements made by CYGNSS satellites as they orbit around the world, we can create global time-lapse images of ocean microplastic concentrations. Our images readily identify the Great Pacific Garbage Patch and secondary regions of high microplastic concentration in the North Atlantic and the southern oceans.

These images show microplastic concentrations (number of particles per square kilometer) at the mouths of the Yangtze and Qiantang rivers where they empty in to the East China Sea. (A) Average density year-round; (B) short-lived burst of particles from the Qiantang River; (C and D) short-lived bursts from the Yangtze River. Credit: Evans and Ruf, 2021., CC BY

Tracking microplastic flows over time

Since CYGNSS tracks wind speeds constantly, it lets us see how microplastic concentrations change over time. By animating a year’s worth of images, we revealed that were not previously known.

We found that global microplastic concentrations tend to peak in the North Atlantic and Pacific during the Northern Hemisphere’s summer months. June and July, for example, are the peak months for the Great Pacific Garbage Patch.

Concentrations in the Southern Hemisphere peak during its summer months of January and February. Lower concentrations during the winter in both hemispheres are likely due to a combination of stronger currents that break up microplastic plumes and increased vertical mixing—the exchange between surface and deeper water—that transports some of the microplastic down below the surface.

This approach can also target smaller regions over shorter periods of time. For example, we examined episodic outflow events from the mouths of the China’s Yangtze and Qiantang rivers where they empty into the East China Sea. These events may have been associated with increases in industrial production activity, or with increases in the rate at which managers allowed the rivers to flow through dams.

[…]

While the ocean roughness anomalies that we observed correlate strongly with concentrations, our estimates of concentration are based on the correlations that we observed, not on a known physical relationship between floating microplastics and ocean roughness. It could be that the roughness anomalies are caused by something else that is also correlated with the presence of microplastics.

One possibility is surfactants on the ocean surface. These liquid chemical compounds, which are widely used in detergents and other products, move through the oceans in ways similar to microplastics, and they also have a damping effect on wind-driven ocean roughening.

Further study is needed to identify how the smooth areas that we identified occur, and if they are caused indirectly by surfactants, to better understand exactly how their transport mechanisms are related to those of microplastics.

[…]

Source: The ocean is full of tiny plastic particles – we found a way to track them with satellites

Major crypto scammer sentenced to 15 years in prison

Posted on by

The mastermind behind what the government says is one of the largest cryptocurrency Ponzi schemes prosecuted in the US has been sentenced to 15 years in prison. While crypto scams have been getting increasingly common, Swedish citizen Roger Nils-Jonas Karlsson defrauded thousands of victims and stole tens of millions of dollars over a period that lasted almost a decade. He pleaded guilty to securities and wire fraud, as well as money laundering charges on March 4th.

According to the Department of Justice, Karlsson ran his fraudulent investment scheme from 2011 until he was arrested in Thailand in 2019. He targeted financially insecure individuals, such as seniors, persuading them to use cryptocurrency to purchase shares in a business he called “Eastern Metal Securities.” Based on information from court documents, he promised victims huge payouts tied to the price of gold, but the money they handed over wasn’t invested at all. It was moved to Karlsson’s personal bank accounts instead and used to purchase expensive homes and even resorts in Thailand.

To keep his scheme running for almost a decade, he’d rebrand and would show victims account statements in an effort to convince them that their funds are secure. Karlsson would then give them various excuses for payout delays and even falsely claimed to be working with the Securities and Exchange Commission. During the sentencing, US District Judge Charles R. Breyer ordered his Thai resorts and accounts to be forfeited. He was also ordered to pay his victims in the amount of $16,263,820.

Acting US Attorney Stephanie Hinds of the Northern District of California said:

“The investigation into Roger Karlsson’s fraud uncovered a frighteningly callous scheme that lasted more than a decade during which Karlsson targeted thousands of victims, including financially vulnerable seniors, to callously rob them of their assets and all to fuel an extravagant lifestyle surrounded by luxury condominiums and lavish international vacations. The court’s decision to order a 180-month prison term reflects the fact that Karlsson’s cryptocurrency Ponzi scheme is one of the largest to be sentenced to date and ensures that Karlsson now will have plenty of time to think about the harm he has caused to his victims.”

Source: Major crypto scammer sentenced to 15 years in prison | Engadget

Report shines light on REvil’s depressingly simple tactics: Phishing, credential-stuffing RDP servers… the usual

Posted on by

Palo Alto Networks’ global threat intelligence team, Unit 42, has detailed the tactics ransomware group REvil has employed to great impact so far this year – along with an estimation of the multimillion-dollar payouts it’s receiving.

[…]

The group, which provides what security wonks have come to term “Ransomware as a Service” or RAAS, has been fingered in some high-profile attacks: Travelex, an entertainment-focused law firm with an A-lister client base; Apple supplier Quanta Computer; a major meat producer; a nuclear weapons contractor; and fashion giant French Connection UK – among many others.

Most recently, the group gained access to an estimated 1,500 companies through the Kayesa VSA platform. While the company denied a supply-chain attack, it disabled its Saas platform as a security measure – and, as of this morning, was struggling to recover.

[…]

“For these services, REvil takes a percentage of the negotiated ransom price as their fee. Affiliates of REvil often use two approaches to persuade victims into paying up: they encrypt data so that organizations cannot access information, use critical computer systems or restore from backups, and they also steal data and threaten to post it on a leak site (a tactic known as double extortion).”

According to research carried out by Martineau and colleagues, REvil and its affiliates averaged $2.25m in payouts per breach over the first six months of 2021 – chickenfeed compared to the $70m the group is demanding for a universal decryption tool designed to unlock the data being ransomed as a result of the Kaseya attack.

The methods chosen by the group to gain access to the target systems are depressingly simple, Martineau’s report claimed, with the most common methods being as simple as sending a phishing message or attempting to log in to Remote Desktop Protocol (RDP) servers using previously-compromised credentials.

“However,” Martineau noted, “we also observed a few unique vectors that relate to the recent Microsoft Exchange Server CVEs, as well as a case that involved a SonicWall compromise.”

Once in, REvil attackers cement their access by creating new local and domain user accounts, install Cobalt Strike’s Beacon covert payload – a commercial product which apparently delivers a little too well on its promise to “model advanced attackers” for “threat emulation” – and disable antivirus, security services, and other protection systems. The impact is further expanded to other devices on the network, using “various open-source tools to gather intelligence on a victim environment.”

It could be a while before the attack is noticed, too – no surprise given how the group often exfiltrates gigabytes of data as part of its ransom approach. “REvil threat actors often encrypted the environment within seven days of the initial compromise,” Martineau found. “However, in some instances, the threat actor(s) waited up to 23 days. [They] often used MEGASync software or navigated to the MEGASync website to exfiltrate archived data. In one instance, the threat actor used RCLONE to exfiltrate data.

[…]

The full report has been published on the Unit 42 site.

Source: Report shines light on REvil’s depressingly simple tactics: Phishing, credential-stuffing RDP servers… the usual • The Register

Three-dozen US states plus DC sue Google over Play Store’s revenue cut, payment system, and more

Posted on by

As expected, Google is facing a fresh legal assault regarding its Play Store, the 30 per cent cut it took from developers’ revenues via the software souk, and other rules and restrictions.

In an antitrust lawsuit [PDF] filed in a federal district court in San Francisco on Wednesday, 36 US states and commonwealths, plus Washington DC, alleged Google ran roughshod over the Sherman Act, screwing over users and software makers by abusing its monopoly on Android and the distribution of apps.

Those states include New York, California, Florida, Washington, New Jersey, North Carolina, and Arizona, though not Texas, Pennsylvania, Ohio, nor Illinois, among others. There doesn’t appear to be an obvious partisan split.

The complaint is wide-ranging and extensive, from criticizing Google’s commission from app and in-app purchases and that it must handle payments, to undue pressure on phone makers, to a ban on advertising by non-Play stores on Google’s web properties, like YouTube, and more.

[…]

In March, Google dropped its cut of app sales from 30 to 15 per cent for the first $1m a developer makes. The move mirrored a similar decision by Apple last year, matching the same terms almost exactly. This was not enough, it seems, to hold off attorneys general.

[…]

Source: Three-dozen US states plus DC sue Google over Play Store’s revenue cut, payment system, and more • The Register

OnePlus Admits to Throttling OnePlus 9 and 9 Pro for battery life

Posted on by

After a recent investigation by Anandtech pointed out that a number of popular apps were experiencing sluggish performance on the OnePlus 9 and OnePlus 9 Pro, OnePlus has now admitted to throttling hundreds of popular apps to help “reduce power consumption.”

Anandtech’s Andrei Frumusanu noticed that a number of popular browsers, including Google Chrome, performed significantly worse on benchmarks such as Jetstream 2.o and Speedometer 2.0, posting results more similar to those from old budget phones than a modern high-end device. And while Gizmodo does not use those benchmarks as part of our review process (due in part to previous tampering from companies including OnePlus and others), we can confirm similar numbers in our own testing.

Upon further review, Anandtech discovered that OnePlus had installed a custom OnePlus Performance Service function that throttled the performance of apps like YouTube, Snapchat, Discord, Twitter, Zoom, Facebook, Microsoft Office apps, and even a number of first-party apps from OnePlus. And by limiting the performance of certain cores in the OnePlus 9 and 9 Pro’s Snapdragon 888 processor, OnePlus was effectively throttling these apps in order to help deliver increased battery life.

In a statement provided to XDA Developers, OnePlus has confirmed it throttled the performance of apps on the OnePlus 9 and 9 Pro

[…]

Source: OnePlus Admits to Throttling OnePlus 9 and 9 Pro

This Crowdsourced Ransomware Payment Tracker Shows How Much Cybercriminals Have Heisted

Posted on by

Ransomware attacks are on the rise, but quantifying the scope of the problem can be tricky when only the most high-profile cases make headlines. Enter Ransomwhere,

[…]

Jack Cable, a security architect at the cybersecurity consulting firm Krebs Stamos Group, launched the site on Thursday.

[…]

The way it works is Ransomwhere keeps a running tally of ransoms paid out to cybercriminals in the bitcoin cryptocurrency. This is largely made possible because of the transparent nature of bitcoin: All transactions involving the cryptocurrency are recorded on the blockchain, a decentralized database that acts as a public ledger, thus allowing anyone to track any transactions specifically associated with ransomware groups.

[…]

Since the U.S. dollar value of bitcoin is constantly fluctuating, Ransomwhere calculates each ransom amount based on the bitcoin exchange rate on the day that the transaction was sent.

[…]

So far in 2021, the Russia-linked cybercriminal gang that took credit for the Kaseya and JBS attacks, REvil, is leading the pack by a mile with more than $11 million in ransom payments, according to Ransomwhere. Coming in second with 6.2 million is Netwalker, one of the most popular ransomware-as-a-service offerings on the dark web. Though it should be noted that Netwalker has the dubious honor of racking up the most ransom payments of all time, with roughly $28 million to its name based on the site’s data.

REvil could soon surpass that record if its recent demands for $70 million are met. That’s how much the gang asked for on Sunday to publish a universal decryptor that would unlock all computers affected in the Kaseya hack, a supply chain attack that has crippled more than 1,000 companies worldwide and prompted a federal investigation.

[…]

Source: This Crowdsourced Ransomware Payment Tracker Shows How Much Cybercriminals Have Heisted

Iran’s Train System Hacked, Khamenei’s phone nr posted on station msg boards as help line

Posted on by

Cyberattacks reportedly disrupted Iran’s railway system on Friday, causing “unprecedented chaos” at stations throughout the country, according to state media.

The hackers, whoever they are, also reportedly trolled the nation’s Supreme Leader Ali Khamenei, posting his phone number as “the number to call for information” on multiple train station message boards, Reuters reports. According to some Iranian outlets, the number, 64411, was displayed on screens in train stations and redirected to Ayatolla Khamenei’s office when dialed.

The railway’s website, local ticket offices, and cargo services have all apparently been affected, the news outlet reports.

There isn’t otherwise a whole lot of information about this incident, though local reporting would appear to suggest that trains have been massively delayed but not totally stalled.

[…]

Source: Iran’s Train System Reportedly Hacked by Trolling Attackers