The Linkielist

Linking ideas with the world

The Linkielist

Author Archives: Robin Edgar

About Robin Edgar

Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft

DARPA Announces Subterranean Challenge Finals: mapping out underground tunnels, caves, evil lairs by robot

Posted on by

After three years of development, DARPA Subterranean (SubT) Challenge teams will get the chance to compete in the Final Event being held at the Louisville Mega Cavern in Louisville, Kentucky on September 21-23, 2021.

The DARPA SubT Challenge aims to develop innovative technologies that can rapidly map, navigate, and search complex underground environments such as human-made tunnel systems, urban undergrounds, and natural cave networks. Teams compete by demonstrating how their autonomy, networking, perception, and mobility capabilities perform on either physical courses in the Systems Competition or simulated environments in the Virtual Competition. The best performing team in the Systems Competition will be awarded a $2 million prize while the best performing team in the Virtual Competition will be awarded a $750,000 prize.

Over the last two years, teams faced a series of preliminary circuit events – the Tunnel Circuit, Urban Circuit, and Cave Circuit – to demonstrate how their solutions address the unique challenges of each subdomain. Teams will now tackle competition courses that include challenge elements from all three subdomains at the same time.

“Whether it’s the systems courses that we are building inside the Mega Cavern, or the wildly varying virtual environments we’re designing in the SubT Virtual Testbed, I’m excited to see how all of the SubT Challenge competitors build on the knowledge they gained during the Circuit Events to be successful in the Final Event.” said Dr. Timothy Chung, program manager for the Subterranean Challenge in DARPA’s Tactical Technology Office.

While many competitors are already preparing for the Final Event, new teams still have an opportunity to qualify for the Systems and Virtual Competitions. In order to participate, teams must deploy autonomous robotic systems – either real or virtual – into the competition courses to map, navigate, and search for artifacts of interest. The locations of each artifact must be reported with an accuracy of at least five meters to score a point. The competition courses are intentionally designed to emulate the dangers of rescue efforts in collapsed mines, post-earthquake search and rescue in urban underground settings, and cave rescue operations for injured or lost spelunkers.

For additional information on the DARPA Subterranean Challenge, including how to compete in this September’s event, please visit www.subtchallenge.com

Source: DARPA Announces Subterranean (SubT) Challenge Final Event Site and Date

‘DALL-E’ AI generates an image out of anything you describe

Posted on by
with DALL-E (a portmanteau of “Wall-E” and “Dali”), an AI app that can create an image out of nearly any description. For example, if you ask for “a cat made of sushi” or a “high quality illustration of a giraffe turtle chimera,” it will deliver those things, often with startlingly good quality (and sometimes not).DALL-E can create images based on a description of its attributes, like “a pentagonal green clock,” or “a collection of glasses is sitting on a table.” In the latter example, it places both drinking and eye glasses on a table with varying degrees of success.

It can also draw and combine multiple objects and provide different points of view, including cutaways and object interiors. Unlike past text-to-image programs, it even infers details that aren’t mentioned in the description but would be required for a realistic image. For instance, with the description “a painting of a fox sitting in a field during winter,” the agent was able to determine that a shadow was needed.

“Unlike a 3D rendering engine, whose inputs must be specified unambiguously and in complete detail, DALL·E is often able to ‘fill in the blanks’ when the caption implies that the image must contain a certain detail that is not explicitly stated,” according to the OpenAI team.

'DALL-E' AI generates an image out of anything you describe

OpenAI also exploits a capability called “zero-shot reasoning.” This allows an agent to generate an answer from a description and cue without any additional training, and has been used for translation and other chores. This time, the researchers applied it to the visual domain to perform both image-to-image and text-to-image translation. In one example, it was able to generate an image of a cat from a sketch, with the cue “the exact same cat on the top as the sketch on the bottom.”

The system has numerous other talents, like understanding how telephones and other objects change over time, grasping geographic facts and landmarks and creating images in photographic, illustration and even clip-art styles.

For now, DALL-E is pretty limited. Sometimes, it delivers what you expect from the description and other times you just get some weird or crappy images. As with other AI systems, even the researchers themselves don’t understand exactly how it produces certain images due to the black box nature of the system.

Still, if developed further, DALL-E has vast potential to disrupt fields like stock photography and illustration, with all the good and bad that entails. “In the future, we plan to analyze how models like DALL·E relate to societal issues like economic impact on certain work processes and professions, the potential for bias in the model outputs, and the longer term ethical challenges implied by this technology,” the team wrote. To play with DALL-E yourself, check out OpenAI’s blog.

Source: ‘DALL-E’ AI generates an image out of anything you describe | Engadget

The Earth has been spinning faster lately

Posted on by

Scientists around the world have noted that the Earth has been spinning on its axis faster lately—the fastest ever recorded. Several scientists have spoken to the press about the unusual phenomenon, with some pointing out that this past year saw some of the shortest days ever recorded.

For most of the history of mankind, time has been marked by the 24-hour day/night cycle (with some alterations made for convenience as the seasons change). The cycle is governed by the speed at which the planet spins on its axis. Because of that, the length of a day has become the standard by which time is marked—each day lasts approximately 86,400 seconds. The day/night cycle is remarkably consistent despite the fact that it actually varies slightly on a regular basis.

Several decades ago, the development of atomic clocks began allowing scientists to record the passage of time in incredibly small increments, in turn, allowing for measuring the length of a given day down to the millisecond. And that has led to the discovery that the spin of the planet is actually far more variable than once thought. Since such measurements began, scientists have also found that the Earth was slowing its spin very gradually (compensated by the insertion of a leap second now and then)—until this past year, when it began spinning faster—so much so that some in the field have begun to wonder if a negative leap negative second might be needed this year, an unprecedented suggestion. Scientists also noted that this past summer, on July 19, the shortest day ever was recorded—it was 1.4602 milliseconds shorter than the standard.

Planetary scientists are not concerned about the new finding; they have learned that there are many factors that have an impact on planetary spin—including the moon’s pull, snowfall levels and mountain erosion. They also have begun wondering if might push the Earth to spin faster as the snow caps and high-altitude snows begin disappearing. Computer scientists, on the other hand, are somewhat concerned about the shifting spin speed—so much of is based on what they describe as “true time.” Adding a negative leap second could lead to problems, so some have suggested shifting the world’s clocks from solar time to atomic .

Source: The Earth has been spinning faster lately

If you’re a WhatsApp user, you’ll have to share your personal data with Facebook from next month – and no, you can’t opt out this time

Posted on by

WhatsApp users must agree to share their personal information with Facebook if they want to continue using the messaging service from next month, according to new terms and conditions.

“As part of the Facebook Companies, WhatsApp receives information from, and shares information with, the other Facebook Companies,” its privacy policy, updated this week, stated.

“We may use the information we receive from them, and they may use the information we share with them, to help operate, provide, improve, understand, customize, support, and market our Services and their offerings, including the Facebook Company Products.”

Yes, said information includes your personal information. Thus, in other words, WhatsApp users must allow their personal info to be shared with Facebook and its subsidiaries as and when decided by the tech giant. Presumably, this is to serve personalized advertising.

If you’re a user today, you have two choices: accept this new arrangement, or stop using the end-to-end encrypted chat app (and use something else, like Signal.) The changes are expected to take effect on February 8.

When WhatsApp was acquired by Facebook in 2014, it promised netizens that its instant-messaging app would not collect names, addresses, internet searches, or location data. CEO Jan Koum wrote in a blog post: “Above all else, I want to make sure you understand how deeply I value the principle of private communication. For me, this is very personal. I was born in Ukraine, and grew up in the USSR during the 1980s.

“One of my strongest memories from that time is a phrase I’d frequently hear when my mother was talking on the phone: ‘This is not a phone conversation; I’ll tell you in person.’ The fact that we couldn’t speak freely without the fear that our communications would be monitored by KGB is in part why we moved to the United States when I was a teenager.”

Two years later, however, that vow was eroded by, well, capitalism, and WhatsApp decided it would share its users’ information with Facebook though only if they consented. That ability to opt-out, however, will no longer be an option from next month. Koum left in 2018.

That means users who wish to keep using WhatsApp must be prepared to give up personal info such as their names, profile pictures, status updates, phone numbers, contacts lists, and IP addresses, as well as data about their mobile devices, such as model numbers, operating system versions, and network carrier details, to the mothership. If users engage with businesses via the app, order details such as shipping addresses and the amount of money spent can be passed to Facebook, too.

Source: If you’re a WhatsApp user, you’ll have to share your personal data with Facebook from next month – and no, you can’t opt out this time • The Register

These Repair Bulletins for Tesla’s Quality Problems Are Downright Embarrassing—and Serious

Posted on by

t’s no secret that Tesla tends to ship cars to customers with questionable fit and finish. Sometimes components don’t fit the way they should, so fake wood from Home Depot is used to ensure they do. Other times, glass roofs simply detach while driving down the highway. This time, however, it’s not a random Facebook rant or one-off tweet telling us Tesla is selling vehicles of questionable quality, it’s the National Highway Traffic Safety Administration (NHTSA), via recalls and service bulletins.

Thanks to Bozi Tatarevic on Twitter, we know about errors numerous enough to warrant a response from the NHTSA, and some of them are pretty bad. They include low-grade rust repair, fixes to bodywork using a dead-blow hammer, and missing fasteners. We’re not talking about a couple of loose lug nuts, either. We’re talking parts missing from the car’s power system that may affect battery charge and discharge, and even nuts missing in the front suspension.

NHTSA

The service bulletins are sort of humorous in their official language of very basic fixes to really obvious issues with these cars. If the “DC link busbar” bolts are missing in the Model 3, replace them! If the charging door isn’t sitting flush—this defect is present on the 3 and Y—hit the non-flush panel with a hammer until it sits right. But if you start roleplaying as the village blacksmith and take it just a tad too far, replace the entire panel. Also, if you mess up the paint when you do this, make sure you touch it up. It looks like there’s a little bit of rust forming in that area anyway, so it’s probably a good idea to do that in any case.

The most alarming one of these issues is the self-locking nylon nut that’s straight-up missing from the front suspension. Apparently, this issue is widespread enough on the Model Y to warrant a service bulletin. If this bolt fell out during driving—which it would if there was no nut holding it on—one side of the front suspension would just collapse. Obviously, that’s something you don’t want to happen while you’re driving, and could lead to a serious accident and bodily injury. Possibly even worse.

Reading through other complaints on the NHTSA’s page for the Model 3, it seems like suspension issues are very common. Problems with ball joints snapping seem to be by far the most common issue. It’s safe to read clearly inflammatory messages with a little bit of skepticism, but looking through wrecked Model 3s on Copart, it seems like that is at least a somewhat common issue.

Unfortunately, this just sort of seems like business as usual for Tesla. Its vehicles are known to have these sorts of issues, and they aren’t doing a ton to attempt to shed this image. There is certainly something to be said for the strides the company has made with battery technology and drivetrain design, but quality control has to catch up with those innovations. Making advanced cars is one thing, making safe and reliable cars is entirely another.

Source: These Repair Bulletins for Tesla’s Quality Problems Are Downright Embarrassing—and Serious

Compromised Amazon Ring Devices Combined With Swatting

Posted on by

Late last year, it was discovered that yet another set of IoT devices were being turned against their owners by malicious people. It would be a stretch to call these losers “hackers,” considering all they did was utilize credentials harvested from multiple security breaches to take control of poorly secured cameras made by Ring.

Password reuse is common and these trolls made the most of it. Streaming their exploits to paying users, the perpetrators shouted racist abuse at homeowners, talked to/taunted their children, and interrupted their sleep by blaring loud noises through the cameras’ mics.

This string of events landed Ring in court. Ring claims this isn’t the company’s fault since the credentials weren’t obtained from Ring itself. But Ring’s lax security standards allowed users to bypass two-factor authentication and, until recently, didn’t warn users of unrecognized login attempts or lock their accounts after a certain number of login failures.

There’s another insidious twist to this new form of online/offline abuse. And it’s caught the attention of the feds. The FBI says these cameras are now being combined with swatting to inflict additional misery on camera owners.

Recently, offenders have been using victims’ smart devices, including video and audio capable home surveillance devices, to carry out swatting attacks. To gain access to the smart devices, offenders are likely taking advantage of customers who re-use their email passwords for their smart device. The offenders use stolen email passwords to log into the smart device and hijack features, including the live-stream camera and device speakers.

They then call emergency services to report a crime at the victims’ residence. As law enforcement responds to the residence, the offender watches the live stream footage and engages with the responding police through the camera and speakers. In some cases, the offender also live streams the incident on shared online community platforms.

Combining two things people hate into one dangerous blend is someone’s idea of a good time. Two recent incidents involving hacked devices and swatting fortunately ended without anyone being killed by law enforcement.

One Florida woman was called by a “hacker” and told to go outside and see if the local SWAT team was there. She was met by police shortly afterwards who told her they’d received a call she’d been murdered by her husband. No raid happened but officers were showered with insults and obscenities by “hackers” via the compromised Ring doorbell/camera for failing to provide the entertainment the online assholes were seeking.

A similar incident happened in Virginia, with the “hacker” taunting both the family and officers as they investigated a fake suicide call.

Through the family’s four Ring cameras, a hacker screamed, “Help me!” as officers checked inside the home to make sure everyone was safe.

Back outside, the officers realized the intermittent screaming was coming from the home’s Ring cameras.

A man started talking to the officers through the cameras, saying he hacked the homeowner’s accounts and faked the 911 call.

[…]

Officer: “What is it that you need from us?”

Hacker: “Oh nothing, we were just [messing] around, after this we’ll log out, tell him to change his Yahoo password, his Ring password, and stop using the same passwords for the same [stuff].”

Chesapeake Police officers covered up the cameras and asked who was screaming. The hacker told officers it was him yelling for help, claiming he livestreamed the Ring cameras when officers arrived and charged people five dollars each to watch online.

So, that’s where we’re at, hellscape-wise. A nation full of devices that can be taken over by anyone with the right credentials and turned into entertainment for sociopaths. Of course, being better about locking down IoT devices won’t stop these same sociopaths from weaponizing local law enforcement agencies. Choosing a strong, unique password isn’t going to keep assholes from swatting people. It’s only going to deprive them of their ability to witness the potentially deadly results of their actions.

Source: FBI Warns Assholes Are Now Combining Compromised IoT Devices With Swatting Because That’s The Hell We Now Live In | Techdirt

Singapore police can access now data from the country’s contract tracing app

Posted on by

With a nearly 80 percent uptake among the country’s population, Singapore’s TraceTogether app is one of the best examples of what a successful centralized contact tracing effort can look like as countries across the world struggle to contain the coronavirus pandemic. To date, more than 4.2 million people in Singapore have download the app or obtained the wearable the government has offered to people.

In contrast to Apple’s and Google’s Exposure Notifications System — which powers the majority of COVID-19 apps out there, including ones put out by states and countries like California and Germany — Singapore’s TraceTogether app and wearable uses the country’s own internally developed BlueTrace protocol. The protocol relies on a centralized reporting structure wherein a user’s entire contact log is uploaded to a server administered by a government health authority. Outside of Singapore, only Australia has so far adopted the protocol.

In an update the government made to the platform’s privacy policy on Monday, it added a paragraph about how police can use data collected through the platform. “TraceTogether data may be used in circumstances where citizen safety and security is or has been affected,” the new paragraph states. “Authorized Police officers may invoke Criminal Procedure Code (CPC) powers to request users to upload their TraceTogether data for criminal investigations.”

Previous versions of the privacy policy made no mention of the fact police could access any data collected by the app; in fact, the website used to say, “data will only be used for COVID-19 contact tracing.” The government added the paragraph after Singapore’s opposition party asked the Minister of State for Home Affairs if police could use the data for criminal investigations. “We do not preclude the use of TraceTogether data in circumstances where citizens’ safety and security is or has been affected, and this applies to all other data as well,” said Minister Desmond Tan.

What’s happening in Singapore is an example of the exact type of potential privacy nightmare that experts warned might happen with centralized digital contact tracing efforts. Worse, a loss of trust in the privacy of data could push people further away from contact tracing efforts altogether, putting everyone at more risk.

Source: Singapore police can access data from the country’s contract tracing app | Engadget

Uber wasted $100 million on useless digital ad campaigns

Posted on by

[…]

the estimated $100 million Uber apparently straight-up squandered on incredibly obvious, third-party digital advertising scams… something that is garnering mainstream coverage in the first days of 2021, despite coming to light back in February of last damn year.

Uber defraud tweet
Twitter / @nandoodles

You Google Played yourself — Former Sleeping Giants alum and co-founder of Check My Ads, Nandini Jammi, caught most of us up on the whole situation yesterday in a lengthy Twitter thread detailing just how Uber, the poster child of startup capitalism’s unethical robber baron mentality, managed to recently waste a mind-boggling $100 million in pointless digital advertising campaigns through a host of blatantly shady ad networks.

One such instance involved launching “‘battery saver’ style apps in Google Play, giving them root access to your phone.” Upon typing “Uber” into Google Play, the service “auto-fires a click to make it look like you clicked on an Uber ad and attribute the install to themselves.”

[…]

Source: Uber wasted $100 million on useless digital ad campaigns

A lot more moralising in the article on how Uber is evil and how this writer would spend someone else’s money but we’re seeing more and more about how the huge digital “targetted” ad spends are actually not delivering on their promises

Scientists turn CO2 into jet fuel

Posted on by

Researchers may have found a way to reduce the environmental impact of air travel in situations when electric aircraft and alternative fuels aren’t practical. Wired reports that Oxford University scientists have successfully turned CO2 into jet fuel, raising the possibility of conventionally-powered aircraft with net zero emissions.

The technique effectively reverses the process of burning fuel by relying on the organic combustion method. The team heated a mix of citric acid, hydrogen and an iron-manganese-potassium catalyst to turn CO2 into a liquid fuel capable of powering jet aircraft.

The approach is inexpensive, uncomplicated and uses commonplace materials. It’s cheaper than processes used to turn hydrogen and water into fuel.

There are numerous challenges to bringing this to aircraft. The lab method only produced a few grams of fuel — you’d clearly need much more to support even a single flight, let alone an entire fleet. You’d need much more widespread use of carbon capture. And if you want effectively zero emissions, the capture and conversion systems would have to run on clean energy.

The researches are talking with industrial partners, though, and don’t see any major scientific hurdles. It might also be one of the most viable options for fleets. Many of them would have to replace their aircraft to go electric or switch fuel types. This conversion process would let airlines keep their existing aircraft and go carbon neutral until they’re truly ready for eco-friendly propulsion.

Source: Scientists turn CO2 into jet fuel | Engadget

Zyxel products have a hardcoded root user you can access from internet

Posted on by

TL;DR: If you have a Zyxel USG, ATP, VPN, ZyWALL or USG FLEX you should update to the latest firmware version today. You can find the full list of affected devices here and the Zyxel advisory here.

Zyxel is a popular brand for firewalls that are marketed towards small and medium businesses. Their Unified Security Gateway (USG) product line is often used as a firewall or VPN gateway. As a lot of us are working from home, VPN-capable devices have been quite selling well lately.

When doing some research (rooting) on my Zyxel USG40, I was surprised to find a user account ‘zyfwp’ with a password hash in the latest firmware version (4.60 patch 0). The plaintext password was visible in one of the binaries on the system. I was even more surprised that this account seemed to work on both the SSH and web interface.

$ ssh zyfwp@192.168.1.252
Password: Pr*******Xp
Router> show users current
No: 1
  Name: zyfwp
  Type: admin
(...)
Router>

The user is not visible in the interface and its password cannot be changed. I checked the previous firmware version (4.39) and although the user was present, it did not have a password. It seemed the vulnerability had been introduced in the latest firmware version. Even though older versions do not have this vulnerability, they do have others (such as this buffer overflow) so you should still update.

As SSL VPN on these devices operates on the same port as the web interface, a lot of users have exposed port 443 of these devices to the internet. Using publicly available data from Project Sonar, I was able to identify about 3.000 Zyxel USG/ATP/VPN devices in the Netherlands. Globally, more than 100.000 devices have exposed their web interface to the internet.

Source: Undocumented user account in Zyxel products (CVE-2020-29583) – EYE

Julian Assange will NOT be extradited to the US over WikiLeaks hacking and spy charges, rules British judge

Posted on by

Accused hacker and WikiLeaks founder Julian Assange should not be extradited to the US to stand trial, Westminster Magistrates’ Court has ruled.

District Judge Vanessa Baraitser told Assange this morning that there was no legal obstacle to his being sent to the US, where he faces multiple criminal charges under America’s Espionage Act and Computer Fraud and Abuse Act over his WikiLeaks website.

Assange is a suicide risk and the judge decided not to order his extradition to the US, despite giving a ruling in which she demolished all of his legal team’s other arguments against extradition.

“I am satisfied that the risk that Mr Assange will commit suicide is a substantial one,” said the judge, sitting at the Old Bailey, in this morning’s ruling. Adopting the conclusions of medical expert Professor Michael Kopelman, an emeritus professor of neuropsychiatry at King’s College London, Judge Baraitser continued:

Taking account of all of the information available to him, he considered Mr Assange’s risk of suicide to be very high should extradition become imminent. This was a well-informed opinion carefully supported by evidence and explained over two detailed reports.

[…]

All other legal arguments against extradition rejected

Judge Baraitser heard from Assange’s lawyers during this case that he was set to be extradited because he had politically embarrassed the US, rather than committed any genuine criminal offence.

Nonetheless, US lawyers successfully argued that Assange’s actions were outside journalistic norms, with the judge approvingly quoting news articles from The Guardian and New York Times that condemned him for dumping about 250,000 stolen US diplomatic cables online in clear text.

“Free speech does not comprise a ‘trump card’ even where matters of serious public concern are disclosed,” said the judge in a passage that will be alien to American readers, whose country’s First Amendment reverses that position.

[…]

The judge also found that the one-time WikiLeaker-in-chief had directly commissioned a range of people to hack into various Western countries’ governments, banks and commercial businesses, including the Gnosis hacking crew that was active in the early 2010s.

Judge Baraitser also dismissed Assange’s legal arguments that publishing stolen US government documents on WikiLeaks was not a crime in the UK, ruling that had he been charged in the UK, he would have been guilty of offences under the Official Secrets Acts 1911-1989. Had his conduct not been a crime in the UK, that would have been a powerful blow against extradition.

[…]

Summing up the thoughts of most if not all people following Assange’s case when the verdict was given, NSA whistleblower Edward Snowden took to Twitter:

Having had all of his substantive legal arguments dismissed, there isn’t much for Assange and his supporters to cheer about today. It is certain that the US will throw as much legal muscle at the appeal as it possibly can. With some British prisoners successfully avoiding extradition by expressing suicidal thoughts, it is likely American prosecutors will want to set a UK precedent that overturns the suicide barrier.

Source: Julian Assange will NOT be extradited to the US over WikiLeaks hacking and spy charges, rules British judge • The Register

Microsoft says SolarWinds hackers viewed source code

Posted on by

The hackers who carried out a sophisticated cyberattack on US government agencies and on private companies were able to access Microsoft’s source code, the company said Thursday.

A Microsoft investigation turned up “unusual activity with a small number of internal accounts” and also revealed that “one account had been used to view source code in a number of source code repositories,” the company said in a blog post. Microsoft said that the account didn’t have the ability to modify code and that no company services or customer data was put at risk.

[…]

Source: Microsoft says SolarWinds hackers viewed source code – CNET

T-Mobile data breach exposed phone numbers, call records for 200k customers

Posted on by

T-Mobile has announced a data breach exposing customers’ proprietary network information (CPNI), including phone numbers and call records.

Starting yesterday, T-Mobile began texting customers that a “security incident” exposed their account’s information.

According to T-Mobile, its security team recently discovered “malicious, unauthorized access” to their systems. After bringing in a cybersecurity firm to perform an investigation, T-Mobile found that threat actors gained access to the telecommunications information generated by customers, known as CPNI.

The information exposed in this breach includes phone numbers, call records, and the number of lines on an account.

“Customer proprietary network information (CPNI) as defined by the Federal Communications Commission (FCC) rules was accessed. The CPNI accessed may have included phone number, number of lines subscribed to on your account and, in some cases, call-related information collected as part of the normal operation of your wireless service,” T-Mobile stated in a data breach notification.

T-Mobile states that the data breach did not expose account holders’ names, physical addresses, email addresses, financial data, credit card information, social security numbers, tax IDs, passwords, or PINs.

In a statement to BleepingComputer, T-Mobile stated that this breach affected a “small number of customers (less than 0.2%).”  T-Mobile has approximately 100 million customers, which equates to around 200,000 people affected by this breach.

[…]

Source: T-Mobile data breach exposed phone numbers, call records

Access To Big Data Turns Farm Machine Makers Into Tech Firms

Posted on by

The combine harvester, a staple of farmers’ fields since the late 1800s, does much more these days than just vacuum up corn, soybeans and other crops. It also beams back reams of data to its manufacturer.

GPS records the combine’s precise path through the field. Sensors tally the number of crops gathered per acre and the spacing between them. On a sister machine called a planter, algorithms adjust the distribution of seeds based on which parts of the soil have in past years performed best. Another machine, a sprayer, uses algorithms to scan for weeds and zap them with pesticides. All the while sensors record the wear and tear on the machines, so that when the farmer who operates them heads to the local distributor to look for a replacement part, it has already been ordered and is waiting for them.

Farming may be an earthy industry, but much of it now takes place in the cloud. Leading farm machine makers like Chicago-based John Deere & Co. DE +1.1% or Duluth’s AGCO AGCO +0.9% collect data from all around the world thanks to the ability of their bulky machines to extract a huge variety of metrics from farmers’ fields and store them online. The farmers who sit in the driver’s seats of these machines have access to the data that they themselves accumulate, but legal murk obfuscates the question of whether they actually own that data and only the machine manufacturer can see all the data from all the machines leased or sold.

[…]

Still, farmers have yet to be fully won over. Many worry that by allowing the transfer of their data to manufacturers, it will inadvertently wind up in the hands of neighboring farmers with whom they compete for scarce land, who could then mine their closely guarded information about the number of acres they plow or the types of fertilizers and pesticides they use, thus gaining a competitive edge. Others fear that information about the type of seeds or fertilizer they use will wind up in the hands of the chemicals companies they buy from, allowing those companies to anticipate their product needs and charge them more, said Jonathan Coppess, a professor at the University of Illinois.

Sensitive to the suggestion that they are infringing on privacy, the largest equipment makers say they don’t share farmers’ data with third parties unless farmers give permission. (Farmers frequently agree to share data with, for example, their local distributors and dealers.)

It’s common to hear that farmers are, by nature, highly protective of their land and business, and that this predisposes them to worry about sharing data even when there are more potential benefits than drawbacks. Still, the concerns are at least partly the result of a lack of legal and regulatory standards around the collection of data from smart farming technologies, observers say. Contracts to buy or rent big machines are many pages long and the language unclear, especially since some of the underlying legal concepts regarding the sharing and collecting of agricultural data are still evolving.

As one 2019 paper puts it, “the lack of transparency and clarity around issues such as data ownership, portability, privacy, trust and liability in the commercial relationships governing smart farming are contributing to farmers’ reluctance to engage in the widespread sharing of their farm data that smart farming facilitates. At the heart of the concerns is the lack of trust between the farmers as data contributors, and those third parties who collect, aggregate and share their data.”

[…]

Some farmers may still find themselves surprised to discover the amount of access Deere and others have to their data. Jacob Maurer is an agronomist with RDO Equipment Co., a Deere dealer, who helps farmers understand how to use their data to work their fields more efficiently. He explained that some farmers would be shocked to learn how much information about their fields he can access by simply tapping into Deere’s vast online stores of data and pulling up their details.

[…]

Based on the mountains of data flowing in to their databases, equipment makers with sufficient sales of machines around the country may in theory actually be able to predict, at least to some small but meaningful extent, the prices of various crops by analyzing the data its machines are sending in — such as “yields” of crops per acre, the amount of fertilizer used, or the average number of seeds of a given crop planted in various regions, all of which would help to anticipate the supply of crops come harvest season.

Were the company then to sell that data to a commodities trader, say, it could likely reap a windfall. Normally, the markets must wait for highly-anticipated government surveys to run their course before having an indication of the future supply of crops. The agronomic data that machine makers collect could offer similar insights but far sooner.

Machine makers don’t deny the obvious value of the data they collect. As AGCO’s Crawford put it: “Anybody that trades grains would love to have their hands on this data.”

Experts occasionally wonder about what companies could do with the data. Mary Kay Thatcher, a former official with the American Farm Bureau, raised just such a concern in an interview with National Public Radio in 2014, when questions about data ownership were swirling after Monsanto began deploying a new “precision planting” tool that required it to have gobs of data.

“They could actually manipulate the market with it. You know, they only have to know the information about what’s actually happening with harvest minutes before somebody else knows it,” Thatcher said in the interview.

“Not saying they will. Just a concern.”

Source: Access To Big Data Turns Farm Machine Makers Into Tech Firms

Apple Told This Developer That His App ‘Promoted’ Drugs – after 6 years in the store

Posted on by

In Apple’s world, an app can be inappropriate one day, but acceptable the next. That’s what the developer of Amphetamine—an app designed to keep Macs from going to sleep, which is useful in situations such as when a file is downloading or when a specific app is running—learned recently when Apple got in touch with him and told him that his app violated the company’s App Store guidelines.

Amphetamine developer William Gustafson published an account of the incident and his experience with Apple’s App Store review team on GitHub on Friday. In the post, Gustafson explained that Apple contacted him on Dec. 29 and told him that Amphetamine, which has been on the Mac App Store for six years, had suddenly begun violating one of the company’s App Store guidelines. Specifically, Gustafson said that Apple claimed that Amphetamine appeared to promote the inappropriate use of controlled substances given its very name—amphetamines are used to treat ADHD—and because its icon includes a pill.

[…]

“As we discussed, we found that your app includes content that some users may find upsetting, offensive, or otherwise objectionable,” an Apple representative told Gustafson on Dec. 29 according to a screenshot shared with Gizmodo. “Specifically, your app name and icon include references to controlled substances, pills.”

The representative then brought up App Store Guideline 1.4.3, which pertains to safety and physical harm. The guideline reads as follows:

“Apps that encourage consumption of tobacco and vape products, illegal drugs, or excessive amounts of alcohol are not permitted on the App Store. Apps that encourage minors to consume any of these substances will be rejected. Facilitating the sale of marijuana, tobacco, or controlled substances (except for licensed pharmacies) isn’t allowed.”

To resolve the issue, the Apple representative said that Gustafson had to remove all content that encourages inappropriate consumption of drugs or alcohol. Gustafson explained in his Github post that Apple had threatened to remove Amphetamine from the Mac App Store on Jan. 12 if he did not oblige with its request for changes.

If this is all sounding a bit wild to you, that’s because it is. Although Amphetamine uses its name and branding to lightheartedly convey the fact that the app will prevent your Mac from going to sleep, it does not do anything that violates Guideline 1.4.3.

Source: Apple Told This Developer That His App ‘Promoted’ Drugs

Pentagon Puts F-35 Full-Rate Production Decision On Hold

Posted on by

In a setback for the Lockheed Martin F-35 stealth fighter program, the U.S. Department of Defense has formally decreed that a decision on full-rate production of the jet is on indefinite hold. The Milestone C decision on whether or not to ramp up the manufacture of Joint Strike Fighters had been due in or before March 2021, but has now been on hold pending completion of the final phase of operational testing of the F-35.

Bloomberg was first to report news of the verdict, which was made by Ellen Lord, the Under Secretary of Defense for Acquisition and Sustainment in the Trump administration. There had been previous suggestions that a delay was at least likely, before today’s official confirmation.

U.S. Marine Corps/Lance Cpl. Dalton J. Payne

U.S. Marine Corps F-35Bs assigned to VMFA-121 await refueling at Marine Corps Air Station Futenma, Okinawa, Japan, December 17, 2020.

While more than 600 F-35s have been manufactured so far by the Joint Strike Fighter enterprise, including 123 examples delivered in 2020, wrapping up the Initial Operational Test & Evaluation (IOT&E) is a formal requirement before the formal launch of full-rate production. Once that happens, it will signal that the Pentagon officially has confidence in the program’s maturity and that the jet is able to perform as required in all operational conditions. Ultimately, the manufacturing run of the F-35 could reach 3,200 aircraft, depending on different nations’ requirements and emerging new customers. The U.S. Air Force alone has a program of record to eventually buy 1,763 conventional takeoff and landing F-35As, 241 of which had been delivered as of last summer.

Furthermore, the production-related milestone is supposed to confirm that the F-35 meets maintenance requirements, which have fallen short in the past, and that the manufacturing effort is running efficiently. This year, the effects of the COVID-19 pandemic mean that fewer F-35s have been delivered than was originally planned.

The latest hiccup in the F-35 program is a result of delays to operational testing in the Joint Simulation Environment. The F-35 needs to prove itself in these trials in order to complete the IOT&E phase and kickstart the full-rate production review.

This a critical, roughly month-long testing phase was originally supposed to begin in 2017. That schedule subsequently slipped and there had been a hope that those trials would begin this month. Now, the F-35 is not likely to enter the Joint Simulation Environment until mid-to-late 2021.

[…]

Source: It’s Official: Pentagon Puts F-35 Full-Rate Production Decision On Hold

Japanese Researchers Are Working to Create Wooden Satellites

Posted on by

You might think metal satellites burn up on re-entry, but as it turns out, it’s not that simple. “We are very concerned with the fact that all the satellites which re-enter the Earth’s atmosphere burn and create tiny alumina particles which will float in the upper atmosphere for many years,” Takao Doi, an astronaut and Kyoto University professor, told the BBC when speaking about the project. “Eventually it will affect the environment of the Earth.”

Wood, however, would entirely burn up upon re-entry without leaving harmful substances in the atmosphere—or perhaps scattering dangerous debris. According to Nikkei Asia, another reason the researchers are experimenting with wood is that it doesn’t block electromagnetic waves or the Earth’s own magnetic field. That means wooden satellites could have simpler builds, as components like antennas could be placed inside the satellite itself.

[…]

According to the World Economic Forum, there are roughly 6,000 satellites currently in orbit, of which 60% are actually defunct. Meanwhile, 990 satellites are estimated to be launched every year for the next decade. The WEF also notes that there are more than half a million pieces of space trash larger than a marble currently floating around the Earth and 20,000 pieces of debris that are larger than a softball. These pieces of trash aren’t static. They are actually moving at speeds up to 17,500 miles per hour, the speed necessary to remain in orbit and not fall back to the Earth itself. According to NASA, more space junk presents an increasing danger of collision to all types of spacecraft, including the International Space Station, shuttles, and any other type of vessel that may carry humans.

[…]

The problem of space clutter is only getting worse, as both Elon Musk’s SpaceX and Amazon’s Project Kuiper race to launch thousands of satellites into orbit to provide low-cost internet. Meanwhile, astronomers have also expressed concern that these satellite constellations could potentially disrupt their ability to observe the cosmos. It’s unclear how much wooden satellites would alleviate the problem, but hey, it’s gotta be better than sticking more metal junk up there.

Source: Japanese Researchers Are Working to Create Wooden Satellites

Ticketmaster To Pay $10 million After Illegally Hacking Rival’s System

Posted on by

Ticketmaster and its parent company, Live Nation, have agreed to pay out $10 million dollars to a competitor after admitting to hiring a former employee to hack into the rival company’s computer network.

According to a statement issued by the Justice Department on Wednesday, the five criminal counts facing Ticketmaster stemmed from a plot to infiltrate the computer system of ticket-seller rival CrowdSurge in a self-described attempt to “cut [the company] off at the knees.”

“Ticketmaster employees repeatedly — and illegally — accessed a competitor’s computers without authorization using stolen passwords to unlawfully collect business intelligence,” acting US attorney Seth DuCharme said in the statement. “Further, Ticketmaster’s employees brazenly held a division-wide ‘summit’ at which the stolen passwords were used to access the victim company’s computers.”

The hacking plot was first reported in 2017, shortly after CrowdSurge filed an antitrust lawsuit against Live Nation. At some point prior to that filing, Live Nation had apparently recruited an employee named Stephen Mead, whom the company had poached from CrowdSurge in 2013, to turn on his former employer, offering data analytics and insider secrets to top executives in an attempt to hobble the competitor.

Mead’s knowledge of his former employer’s passwords was so extensive that it enabled him to log in to the company’s backend during a 2014 Live Nation summit, where he reportedly offered executives a “product review” of CrowdSurge’s operations and led a demonstration of the smaller company’s internal systems.

In a statement to The Verge, a Ticketmaster spokesperson said that the company was satisfied with the terms of the settlement, and stressed that both Mead and Zeeshan Zaidi — Ticketmaster’s former general manager of artist services — had both been terminated as a result of an investigation into the wrongdoing.

Source: Ticketmaster To Pay $10 million After Illegally Hacking Rival’s System

China pushes Alibaba founder Jack Ma to downsize his finance business Ant Group

Posted on by

China’s crackdown on Jack Ma’s empire is far from over: The country’s regulators have ordered the Ma-founded Alibaba affiliate Ant Group to scale down its business. In particular, they’ve ordered the company to “return to its origins” as a payment provider. Ant Group started out as Alipay, which became China’s largest digital payment platform, though it eventually expanded to offer investment and savings accounts, as well as lending, insurance and wealth management services. Pan Gongsheng, the deputy governor of China’s central bank, called those services “illegal” and said the company must “strictly rectify” those activities. As The Guardian noted, those services are the group’s most profitable and fastest-growing divisions.

Gongsheng listed all the steps Ant Group are required to take as ordered by Chinese regulators in a release posted on the bank’s official website. Those requirements include prohibiting unfair competition, improving corporate governance and ensuring everything it does is “in accordance with the law.” As for the company, it told The Guardian in a statement that it would form a “rectification working group” to implement those requirements. A spokesperson explained:

“We will enlarge the scope and magnitude of opening up for win-win collaboration, review and rectify our work in consumer rights protection, and comprehensively improve our business compliance and sense of social responsibility. Ant will make its rectification plan and working timetable in a timely manner and seek regulators’ guidance in the process.”

Back in November, Chinese regulators blocked Ant’s planned IPO in Hong Kong and Shanghai, which was expected to raise $34 billion. Authorities also introduced new draft laws to oversee tech companies’ data collecting activities, along with other rules they say are meant to protect consumers. And just a few days ago, regulators opened an investigation into Alibaba’s “suspected monopolistic conduct.”

Ma’s businesses seem to have become a target after he called Chinese banks state-owned “pawnshops” for handing out unnecessary loans at a finance summit in Shanghai in October. According to Bloomberg, his companies have been in crisis mode since then and his executives even formed a task force to deal with government watchdogs on a daily basis.

Source: China pushes Alibaba founder Jack Ma to downsize his finance business | Engadget

Korean artificial sun sets the new world record of 20-sec-long operation at 100 million degrees

Posted on by

The Korea Superconducting Tokamak Advanced Research (KSTAR), a superconducting fusion device also known as the Korean artificial sun, set the new world record as it succeeded in maintaining the high temperature plasma for 20 seconds with an ion temperature over 100 million degrees (Celsius).

On November 24 (Tuesday), the KSTAR Research Center at the Korea Institute of Fusion Energy (KFE) announced that in a joint research with the Seoul National University (SNU) and Columbia University of the United States, it succeeded in continuous operation of for 20 seconds with an ion- higher than 100 million degrees, which is one of the core conditions of nuclear fusion in the 2020 KSTAR Plasma Campaign.

It is an achievement to extend the 8 second plasma operation time during the 2019 KSTAR Plasma Campaign by more than 2 times. In its 2018 experiment, the KSTAR reached the plasma ion temperature of 100 million degrees for the first time (retention time: about 1.5 seconds).

[…]

The KSTAR began operating the device last August and plans to continue its plasma generation experiment until December 10, conducting a total of 110 plasma experiments that include high-performance plasma operation and plasma disruption mitigation experiments, which are joint research experiments with domestic and overseas research organizations.

In addition to the success in high temperature plasma operation, the KSTAR Research Center conducts experiments on a variety of topics, including ITER researches, designed to solve complex problems in fusion research during the remainder of the experiment period.

The KSTAR is going to share its key experiment outcomes in 2020 including this success with fusion researchers across the world in the IAEA Fusion Energy Conference which will be held in May.

Source: Korean artificial sun sets the new world record of 20-sec-long operation at 100 million degrees

Vietnam targeted in complex supply chain attack through CA

Posted on by

A group of mysterious hackers has carried out a clever supply chain attack against Vietnamese private companies and government agencies by inserting malware inside an official government software toolkit.

The attack, discovered by security firm ESET and detailed in a report named “Operation SignSight,” targeted the Vietnam Government Certification Authority (VGCA), the government organization that issues digital certificates that can be used to electronically sign official documents.

Any Vietnamese citizen, private company, and even other government agency that wants to submit files to the Vietnamese government must sign their documents with a VGCA-compatible digital certificate.

The VGCA doesn’t only issue these digital certificates but also provides ready-made and user-friendly “client apps” that citizens, private companies, and government workers can install on their computers and automate the process of signing a document.

But ESET says that sometime this year, hackers broke into the agency’s website, located at ca.gov.vn, and inserted malware inside two of the VGCA client apps offered for download on the site.

The two files were 32-bit (gca01-client-v2-x32-8.3.msi) and 64-bit (gca01-client-v2-x64-8.3.msi) client apps for Windows users.

ESET says that between July 23 and August 5, this year, the two files contained a backdoor trojan named PhantomNet, also known as Smanager.

The malware wasn’t very complex but was merely a wireframe for more potent plugins, researchers said.

Known plugins included the functionality to retrieve proxy settings in order to bypass corporate firewalls and the ability to download and run other (malicious) apps.

The security firm believes the backdoor was used for reconnaissance prior to a more complex attack against selected targets.

[…]

PantomNet victims also discovered in the Philippines

ESET said that it also found victims infected with the PhantomNet backdoor in the Philippines but was unable to say how these users got infected. Another delivery mechanism is suspected.

The Slovak security firm didn’t formally attribute the attack to any particular group, but previous reports linked the PhatomNet (Smanager) malware to Chinese state-sponsored cyber-espionage activities.

The VGCA incident marks the fifth major supply chain attack this year after the likes of:

  • SolarWinds – Russian hackers compromised the update mechanism of the SolarWinds Orion app and infected the internal networks of thousands of companies across the glove with the Sunburst malware.
  • Able Desktop – Chinese hackers have compromised the update mechanism of a chat app used by hundreds of Mongolian government agencies.
  • GoldenSpy – A Chinese bank had been forcing foreign companies activating in China to install a backdoored tax software toolkit.
  • Wizvera VeraPort – North Korean hackers compromised the Wizvera VeraPort system to deliver malware to South Korean users.

Source: Vietnam targeted in complex supply chain attack | ZDNet

China Targets Jack Ma’s Alibaba With Monopoly Investigation

Posted on by

China kicked off an investigation into alleged monopolistic practices at Alibaba Group Holding and summoned affiliate Ant Group Co. to a high-level meeting over financial regulations, escalating scrutiny over the twin pillars of billionaire Jack Ma’s internet empire.

The probe announced Thursday marks the formal start of the Communist Party’s crackdown on the crown jewel of Ma’s sprawling dominion, spanning everything from e-commerce to logistics and social media. The pressure on Ma is central to a broader effort to rein in an increasingly influential internet sphere: Draft anti-monopoly rules released November gave the government unusually wide latitude to rein in entrepreneurs like Ma who until recently enjoyed unusual freedom to expand their realms.

Once hailed as drivers of economic prosperity and symbols of the country’s technological prowess, Alibaba and rivals like Tencent Holdings face increasing pressure from regulators after amassing hundreds of millions of users and gaining influence over almost every aspect of daily life in China.

“It’s clearly an escalation of coordinated efforts to rein in Jack Ma’s empire, which symbolized China’s new ‘too-big-to-fail’ entities,” said Dong Ximiao, a researcher at Zhongguancun Internet Finance Institute. “Chinese authorities want to see a smaller, less dominant and more compliant firm.”

[…]

Ma isn’t on the verge of a personal downfall, those familiar with the situation have said. His very public rebuke is instead a warning Beijing has lost patience with the outsize power of its technology moguls, increasingly perceived as a threat to the political and financial stability President Xi Jinping prizes most.

[…]

The country’s internet ecosystem — long protected from competition by the likes of Google and Facebook — is dominated by two companies, Alibaba and Tencent, through a labyrinthine network of investment that encompasses the vast majority of the country’s startups in arenas from AI to digital finance. Their patronage has also groomed a new generation of titans including food and travel giant Meituan and Didi Chuxing — China’s Uber. Those that prosper outside their aura, the largest being TikTok-owner ByteDance Ltd., are rare.

The anti-monopoly rules now threaten to upset that status quo with a range of potential outcomes, from a benign scenario of fines to a break-up of industry leaders. Beijing’s diverse agencies appear to be coordinating their efforts — a bad sign for the internet sector.

“There is nothing that Chinese Communist Party doesn’t control and anything that does appear to be gyrating out of its orbit in any way is going to get pulled back very quickly,” said Alex Capri, a Singapore-based research fellow at the Hinrich Foundation.

The campaign against Alibaba and its peers got into high gear in November, after Ma famously attacked Chinese regulators in a public address for lagging the times. Market overseers subsequently suspended Ant’s IPO — the world’s largest at $35 billion — while the anti-monopoly watchdog threw markets into a tailspin shortly after with its draft legislation.

[…]

 

Source: China Targets Jack Ma’s Alibaba With Monopoly Investigation | Time

China’s Secret War for U.S. Data Blew American Spies’ Cover

Posted on by

Around 2013, U.S. intelligence began noticing an alarming pattern: Undercover CIA personnel, flying into countries in Africa and Europe for sensitive work, were being rapidly and successfully identified by Chinese intelligence, according to three former U.S. officials. The surveillance by Chinese operatives began in some cases as soon as the CIA officers had cleared passport control. Sometimes, the surveillance was so overt that U.S. intelligence officials speculated that the Chinese wanted the U.S. side to know they had identified the CIA operatives, disrupting their missions; other times, however, it was much more subtle and only detected through U.S. spy agencies’ own sophisticated technical countersurveillance capabilities.

[…]

CIA officials believed the answer was likely data-driven—and related to a Chinese cyberespionage campaign devoted to stealing vast troves of sensitive personal private information, like travel and health data, as well as U.S. government personnel records. U.S. officials believed Chinese intelligence operatives had likely combed through and synthesized information from these massive, stolen caches to identify the undercover U.S. intelligence officials. It was very likely a “suave and professional utilization” of these datasets, said the same former intelligence official. This “was not random or generic,” this source said. “It’s a big-data problem.”

[…]

In 2010, a new decade was dawning, and Chinese officials were furious. The CIA, they had discovered, had systematically penetrated their government over the course of years, with U.S. assets embedded in the military, the CCP, the intelligence apparatus, and elsewhere. The anger radiated upward to “the highest levels of the Chinese government,” recalled a former senior counterintelligence executive.

Exploiting a flaw in the online system CIA operatives used to secretly communicate with their agents—a flaw first identified in Iran, which Tehran likely shared with Beijing—from 2010 to roughly 2012, Chinese intelligence officials ruthlessly uprooted the CIA’s human source network in China, imprisoning and killing dozens of people.

[…]

The anger in Beijing wasn’t just because of the penetration by the CIA but because of what it exposed about the degree of corruption in China. When the CIA recruits an asset, the further this asset rises within a county’s power structure, the better. During the Cold War it had been hard to guarantee the rise of the CIA’s Soviet agents; the very factors that made them vulnerable to recruitment—greed, ideology, blackmailable habits, and ego—often impeded their career prospects. And there was only so much that money could buy in the Soviet Union, especially with no sign of where it had come from.

But in the newly rich China of the 2000s, dirty money was flowing freely. The average income remained under 2,000 yuan a month (approximately $240 at contemporary exchange rates), but officials’ informal earnings vastly exceeded their formal salaries. An official who wasn’t participating in corruption was deemed a fool or a risk by his colleagues. Cash could buy anything, including careers, and the CIA had plenty of it.

[…]

Over the course of their investigation into the CIA’s China-based agent network, Chinese officials learned that the agency was secretly paying the “promotion fees” —in other words, the bribes—regularly required to rise up within the Chinese bureaucracy, according to four current and former officials. It was how the CIA got “disaffected people up in the ranks. But this was not done once, and wasn’t done just in the [Chinese military],” recalled a current Capitol Hill staffer. “Paying their bribes was an example of long-term thinking that was extraordinary for us,” said a former senior counterintelligence official. “Recruiting foreign military officers is nearly impossible. It was a way to exploit the corruption to our advantage.” At the time, “promotion fees” sometimes ran into the millions of dollars, according to a former senior CIA official: “It was quite amazing the level of corruption that was going on.” The compensation sometimes included paying tuition and board for children studying at expensive foreign universities, according to another CIA officer.

[…]

This was a global problem for the CCP. Corrupt officials, even if they hadn’t been recruited by the CIA while in office, also often sought refuge overseas—where they could then be tapped for information by enterprising spy services. In late 2012, party head Xi Jinping announced a new anti-corruption campaign that would lead to the prosecution of hundreds of thousands of Chinese officials. Thousands were subject to extreme coercive pressure, bordering on kidnapping, to return from living abroad. “The anti-corruption drive was about consolidating power—but also about how Americans could take advantage of [the corruption]. And that had to do with the bribe and promotion process,” said the former senior counterintelligence official.

The 2013 leaks from Edward Snowden, which revealed the NSA’s deep penetration of the telecommunications company Huawei’s China-based servers, also jarred Chinese officials, according to a former senior intelligence analyst.

[…]

By about 2010, two former CIA officials recalled, the Chinese security services had instituted a sophisticated travel intelligence program, developing databases that tracked flights and passenger lists for espionage purposes. “We looked at it very carefully,” said the former senior CIA official. China’s spies “were actively using that for counterintelligence and offensive intelligence. The capability was there and was being utilized.” China had also stepped up its hacking efforts targeting biometric and passenger data from transit hubs, former intelligence officials say—including a successful hack by Chinese intelligence of biometric data from Bangkok’s international airport.

To be sure, China had stolen plenty of data before discovering how deeply infiltrated it was by U.S. intelligence agencies. However, the shake-up between 2010 and 2012 gave Beijing an impetus not only to go after bigger, riskier targets, but also to put together the infrastructure needed to process the purloined information. It was around this time, said a former senior NSA official, that Chinese intelligence agencies transitioned from merely being able to steal large datasets en masse to actually rapidly sifting through information from within them for use. U.S. officials also began to observe that intelligence facilities within China were being physically co-located near language and data processing centers, said this person.

For U.S. intelligence personnel, these new capabilities made China’s successful hack of the U.S. Office of Personnel Management (OPM) that much more chilling. During the OPM breach, Chinese hackers stole detailed, often highly sensitive personnel data from 21.5 million current and former U.S. officials, their spouses, and job applicants, including health, residency, employment, fingerprint, and financial data. In some cases, details from background investigations tied to the granting of security clearances—investigations that can delve deeply into individuals’ mental health records, their sexual histories and proclivities, and whether a person’s relatives abroad may be subject to government blackmail—were stolen as well. Though the United States did not disclose the breach until 2015, U.S. intelligence officials became aware of the initial OPM hack in 2012, said the former counterintelligence executive. (It’s not clear precisely when the compromise actually happened.)

[…]

For some at the CIA, recalled Gail Helt, a former CIA China analyst, the reaction to the OPM breach was, “Oh my God, what is this going to mean for everybody who had ever traveled to China? But also what is it going to mean for people who we had formally recruited, people who might be suspected of talking to us, people who had family members there? And what will this mean for agency efforts to recruit people in the future? It was terrifying. Absolutely terrifying.” Many feared the aftershocks would be widespread. “The concern just wasn’t that [the OPM hack] would curtail info inside China,” said a former senior national security official. “The U.S. and China bump up against each other around the world. It opened up a global Pandora’s box of problems.”

[…]

. During this same period, U.S. officials concluded that Russian intelligence officials, likely exploiting a difference in payroll payments between real State Department employees and undercover CIA officers, had identified some of the CIA personnel working at the U.S. Embassy in Moscow. Officials thought that this insight may have come from data derived from the OPM hack, provided by the Chinese to their Russian counterparts. U.S. officials also wondered whether the OPM hack could be related to an uptick in attempted recruitments by Chinese intelligence of Chinese American translators working for U.S. intelligence agencies when they visited family in China. “We also thought they were trying to get Mandarin speakers to apply for jobs as translators” within the U.S. intelligence community, recalled the former senior counterintelligence official. U.S. officials believed that Chinese intelligence was giving their agents “instructions on how to pass a polygraph.”

But after the OPM breach, anomalies began to multiply. In 2012, senior U.S. spy hunters began to puzzle over some “head-scratchers”: In a few cases, spouses of U.S. officials whose sensitive work should have been difficult to discern were being approached by Chinese and Russian intelligence operatives abroad, according to the former counterintelligence executive. In one case, Chinese operatives tried to harass and entrap a U.S. official’s wife while she accompanied her children on a school field trip to China. “The MO is that, usually at the end of the trip, the lightbulb goes on [and the foreign intelligence service identifies potential persons of interest]. But these were from day one, from the airport onward,” the former official said.

[…]

Source: China’s Secret War for U.S. Data Blew American Spies’ Cover

YouTube Class Action: Same IP Address Used to Upload ‘Pirate’ Movies & File DMCA Notices

Posted on by

YouTube says it has found a “smoking gun” to prove that a class-action lawsuit filed by Grammy award-winning musician Maria Schneider and Pirate Monitor Ltd was filed in bad faith. According to the Google-owned platform, the same IP address used to upload ‘pirate’ movies to the platform also sent DMCA notices targeting the same batch of content.

[…]

Schneider told the court that a number of her songs had been posted to YouTube without her permission. Pirate Monitor Ltd argued similarly, stating that pirated copies of its works had been uploaded to the site. Both further said they had been denied access to Content ID.

In its response, YouTube focused on Pirate Monitor, alleging that the company or its agents uploaded the ‘pirate’ movies and then claimed mass infringement, something which disqualified them from accessing Content ID.

[…]

“Through agents using pseudonyms to hide their identities, Pirate Monitor uploaded some two thousand videos to YouTube, each time representing that the content did not infringe anyone’s copyright. Shortly thereafter, Pirate Monitor invoked the notice-and-takedown provisions of the Digital Millennium Copyright Act to demand that YouTube remove the same videos its agents had just uploaded.”

[…]

In all, YouTube processed nearly 2,000 DMCA notices it received by Pirate Monitor in the fall of 2019. All of the targeted videos had a uniform length, around 30 seconds each, generated from “obscure Hungarian movies”. They had been uploaded in bulk from users with IP addresses allocated to Pakistan.

“That alone was suspicious, there is no obvious reason why short clips from relatively unknown Hungarian-language movies should be uploaded to YouTube from accounts and devices in Pakistan,” YouTube writes.

Furthermore, YouTube notes that the videos were uploaded by users with similar names, such as RansomNova11 and RansomNova12, who gave the clips nondescript titles. Perhaps even more telling, the takedown notices were sent soon after the videos were uploaded, sometimes before the videos had been seen by anyone.

[…]

After considerable digging, YouTube found a smoking gun. In November 2019, amidst a raft of takedown notices from Pirate Monitor, one of the ‘RansomNova’ users that had been uploading clips via IP addresses in Pakistan logged into their YouTube account from a computer connected to the Internet via an IP address in Hungary,” YouTube explains.

“Pirate Monitor had been sending YouTube its takedown notices from a computer assigned that very same unique numeric address in Hungary. Simply put, whoever RansomNova is, he or she was sharing Pirate Monitor’s computer and/or Internet connection, and doing so at the same time Pirate Monitor was using the same computer and/or connection to send YouTube takedown notices.”

Source: YouTube Class Action: Same IP Address Used to Upload ‘Pirate’ Movies & File DMCA Notices * TorrentFreak

Firefox to ship ‘network partitioning’ as a new anti-tracking defense

Posted on by

Firefox 85, scheduled to be released next month, in January 2021, will ship with a feature named Network Partitioning as a new form of anti-tracking protection.

The feature is based on “Client-Side Storage Partitioning,” a new standard currently being developed by the World Wide Web Consortium’s Privacy Community Group.

“Network Partitioning is highly technical, but to simplify it somewhat; your browser has many ways it can save data from websites, not just via cookies,” privacy researcher Zach Edwards told ZDNet in an interview this week.

“These other storage mechanisms include the HTTP cache, image cache, favicon cache, font cache, CORS-preflight cache, and a variety of other caches and storage mechanisms that can be used to track people across websites.”

Edwards says all these data storage systems are shared among websites.

The difference is that Network Partitioning will allow Firefox to save resources like the cache, favicons, CSS files, images, and more, on a per-website basis, rather than together, in the same pool.

This makes it harder for websites and third-parties like ad and web analytics companies to track users since they can’t probe for the presence of other sites’ data in this shared pool.

According to Mozilla, the following network resources will be partitioned starting with Firefox 85:

  • HTTP cache
  • Image cache
  • Favicon cache
  • Connection pooling
  • StyleSheet cache
  • DNS
  • HTTP authentication
  • Alt-Svc
  • Speculative connections
  • Font cache
  • HSTS
  • OCSP
  • Intermediate CA cache
  • TLS client certificates
  • TLS session identifiers
  • Prefetch
  • Preconnect
  • CORS-preflight cache

But while Mozilla will be deploying the broadest user data “partitioning system” to date, the Firefox creator isn’t the first.

Edwards said the first browser maker to do so was Apple, in 2013, when it began partitioning the HTTP cache, and then followed through by partitioning even more user data storage systems years later, as part of its Tracking Prevention feature.

Google also partitioned the HTTP cache last month, with the release of Chrome 86, and the results began being felt right away, as Google Fonts lost some of its performance metrics as it couldn’t store fonts in the shared HTTP cache anymore.

The Mozilla team expects similar performance issues for sites loaded in Firefox, but it’s willing to take the hit just to improve the privacy of its users.

“Most policy makers and digital strategists are focused on the death of the 3rd party cookie, but there are a wide variety of other fingerprinting techniques and user tracking strategies that need to be broken by browsers,” Edwards also ZDNet, lauding Mozilla’s move.

PS: Mozilla also said that a side-effect of deploying Network Partitioning is that Firefox 85 will finally be able to block “supercookies” better, a type of browser cookie file that abuses various shared storage mediums to persist in browsers and allow advertisers to track user movements across the web.

Source: Firefox to ship ‘network partitioning’ as a new anti-tracking defense | ZDNet