Friday: The Immoral Minority

/10 Comments/in , , /by

While philosopher Slavoj Žižek isn’t everybody’s cup of quirky tea, he’s got a valid point in this video.

The right-wing has abandoned its claim to be the Moral Majority.

Don’t mistake this as a validation of the Democratic Party here in the U.S.; they are only earning a majority in terms of politics, and in no small part by being the “Not GOP” party. With its leadership cozying up to war criminals, climate denialists and fossil fuel-based polluters, and general denigrators both of human rights and the public commons, they are not the Moral Majority by default.

But an unorganized left in this country rejects the right-wing’s ethical decay implicitly underpinning the Republican Party. The left rejects those values which undermine democracy — misogyny, racism and marginalization of other minorities, the ongoing subversion of individuals’ rights to promote the interests of corporations.

A true Moral Majority won’t support a social contract undermining democracy by limiting life, liberty, and happiness’ pursuit to a narrow few. It’s well past time for the broader left to coalesce into an organized entity based upon the belief that all humans are created equal and deserving a more perfect union.

Zapped by Zika

  • “ZIKA VIRUS | Days since White House funding request: 186 | Funding response from Congress: $0 | Zika cases in US and territories: 8,580” (Tweet, Dan Diamond/Politico)
  • Peter robbed to pay Paul: DHHS pulls money from other projects to fund Zika vaccine research (Reuters) — Lacking new dedicated funding from Congress, U.S. Department of Health and Human Services squeezed out $81 million and spread it into Zika vaccine research, with $34 million of that to the National Institutes of Health and $47 million to the Biomedical Advanced Research and Development Authority (BARDA). The white House had asked for $1.9 billion last fall for Zika, but that amount was pared down by 42%; Republicans then objected to any of the remaining portion going to Planned Parenthood, putting Democrats in a bind. Access to birth control is critically important to preventing Zika’s spread; access to abortion could prevent the birth of severely deformed infants who will live short, utterly miserable, and expensive lives.
  • Arthrogryposis — congenital joint defects — associated with Zika during pregnancy (The BMJ) — Dislocated and or misshaped knees, ankles, elbows, hips appeared in children born with other neurological defects found in Zika-infected fetuses. Further research is necessary to prove both the virus is causal and learn the mechanism by which the virus inflicts this damage in utero. The patients had been tested for other known causes of arthrogryposis — toxoplasmosis, cytomegalovirus, rubella, syphilis, and HIV. All were negative.
  • First infant death due to Zika reported in Texas (KHOU) — The infant’s mother traveled to El Salvador during pregnancy where it is believed she contracted the virus.
  • Zika virus case confirmed in Monroe County, Michigan (Detroit Free Press) — But the method of infection is not clear (what?!). County health and state officials are working toward mosquito surveillance.

Wheels and steals

  • Millions of vehicles made from 1995 on vulnerable to keyless-remote hacking (USENIX) — Researchers at University of Birmingham and Kasper & Oswald GmbH presented a paper at the USENIX 2016 conference, showing more than 20 years’ worth of VW Group vehicles are hackable using inexpensive Arduino-based RF transceiver technology. Alfa Romeo, Chevrolet, Peugeot, Lancia, Opel, Renault, Ford and other makes relying on the Hitag2 access security method are similarly at risk. Researchers also looked at after-market keyless entry remotes for these and other vehicles; the cars for which these worked were also vulnerable. All vehicles tested appear to be those made for the European market, but the research noted the radio frequency differences — 315 MHz band in North America and the 433 MHz or 868 MHz band in Europe — used in remotes. The paper’s research team notified VW in November 2015 of their results; NXP Semiconductor, a manufacturer of Hitag2 remote technology, was also notified. NXP had already informed customers of the vulnerability in 2012 and has already improved device security.
  • Volkswagen suppressed news about keyless remote insecurity since 2013 (Bloomberg) — The same researchers from University of Birmingham and Kasper & Oswald GmbH had originally approached NXP Semiconductor and VW with their work in 2012 and 2013, respectively. VW sued and blocked release of their work; the paper was released this past week at USENIX only “after lengthy negotiations” and the removal of a single sentence which car thieves could use to easily crack the keyless remotes. A number of suspicious automobile thefts over the years may have relied on hacking remotes; will insurance companies look into these thefts and demand recovery from VW?
  • DOE grants Ford $6M for fuel cell research (Detroit Free Press) — Existing fuel cell technology has been too expensive for successful commercialization; the grant will be used to develop cheaper technology competitive with battery and internal combustion engines.

Longread: Geopolitics
FiveBooks.com interviewed former state department official and senior fellow at the Council on Foreign Relations, Jennifer M. Harris, about geopolitics. She discusses the topic and offers five book recommendations about the same. Harris is the co-author of recently released War by Other Means: Geoeconomics and Statecraft. Given her work as U.S. National Intelligence Council staff followed by work on economics under then-Secretary of State Hillary Clinton, this interview might offer a preview to future statecraft.

Friday Jazz
It’s still Friday somewhere according to my clock. Try French performer Zaz, stage name for Isabelle Geffroy. If you like this ditty, preview more of her work on her channel on SoundCloud.

It’s been a hectic week here; next week doesn’t look any better, but I’ll aim to be here on Monday. Have a relaxing weekend!

Tuesday: En Garde

/18 Comments/in , , /by

Looks like it’s going to be a thing this week, covering women in sports. This is a marvelous example of covering a female competitor, this short film profiling U.S. Women’s Individual Foil fencer Nzingha Prescod — it’s about her and her approach to her sport, period. Does she sound like somebody who doesn’t care about the results of competition, like she’d rather have narrative surrounding it?

Her next match is tomorrow at 8:10 a.m.; I wish I could catch it live online.

[Journalism 101 fail again -- who are these competitors and what country do they play for? Which sport is this?]

[Journalism 101 fail again — who are these competitors and what country do they play for? Which sport is this?]

Another example of crappy coverage comes from BBC — can’t imagine why the UK became so white nationalist, can you? Let’s not note the countries or the individual competitors, let’s point out their attire and hint at religious and political positions at the same time. What garbage.

If you’re not already familiar with ‘male gaze‘, it’s time for a primer on this concept first theorized 41 years ago by Laura Mulvey. I don’t know if I can even call it purely feminist theory any longer though it arose because of feminism’s emergence. The way content is constructed can be political, and the way we view it can also be political; if content can be constructed for the male gaze, it can also be constructed to perform for political ideology. What we see in the BBC’s photo is both a political and sexist statement — the bikini-clad woman preferred over the fully-clothed woman whose attire has been mislabeled (it’s not a burka), the lack of identity in either case. These women are figures to be looked at for visual enjoyment and not in a manner which satisfies women but a male gaze with a particular ideological slant.

The problem with NBC’s constructed Olympic coverage is that the corporation believes it has created a ‘female gaze’ product — but women don’t feel immersed in the sports they are watching, continually disrupted by the inauthenticity of the content they are viewing. It feels forced, like we are supposed to care about the content presented apart from the actual sports on the screen based on a third (and likely straight male) party’s expectations of the female audience, but the mediation and curation process interfere with our autonomy in viewing. We feel a jarring disconnect from a state of attentive viewing into a state of critical viewing — we’re left unsatisfied.

I don’t think men are feeling any better about the content they are seeing because it fails to serve their gaze in a manner which they have always expected from the male-led sports and entertainment industries.

It’s so damned easy to fix, too.

The one entity finding a silver lining in NBC’s coverage of the Olympics? Netflix, which blames flat subscriber growth on the games’ broadcast. Hard to argue with this based on anecdotal evidence; everybody who ordinarily binges on Netflix programming and shares the experience in social media during cooler months is now complaining about NBC’s programming.

Wheels

  • Not one but THREE illegal emissions control software programs in VW’s 3.0L vehicles (Reuters) — U.S. isn’t saying how they found them but the existence of multiple programs hints at the reason for the lack of a “fix” for 3.0L passenger diesels under the terms of the proposed settlement. Volkswagen has admitted to emissions controls defeat in its 2.0L and 3.0L passenger diesel vehicles it marketed as “clean diesel” here in the U.S., but it has not been forthcoming about the emissions cheat methodology. If I had to guess, I’d say every one of the 3.0L vehicles will be bought back — because even after all this time, VW having known the cheats were discovered in 2014, the company still does not have a true fix for the 3.0L engine.
  • GM now testing self-driving Bolt in AZ (The Detroit News) — This is the second city in which GM has tested the Bolt; first tests were in San Francisco, which seems to me more challenging than Scottsdale.
  • Court case against GM starts this week (Bloomberg) — Judge will have their hands full trying to keep the case focused on whether ignition switch at fault or not given the driver’s youth and alleged reckless driving.

Wings

  • Delta’s massive outage yesterday still causing scheduling problems (Bloomberg) — System failure still attributed to power outage though interestingly Georgia Power said it was a Delta problem. No mention anywhere of other possible causes for the outage — so far.
  • Southwest’s July outage revealed enterprise problems (Bloomberg) — The crash of a single router caused massive problems which Southwest is still digging out of weeks later. Why is this airline lacking adequate failover? Why is this airline so focused on stock price now to detriment of instructure, in spite of fuel costs having fallen so much since June 2014?
  • Teen security research awarded one million flyer miles by United Airlines (ZDNet) — Olivier Beg reported 20 undisclosed bugs to the airline. The largest single reward he received was 250K miles, meaning the worst single bug he found was medium in severity. Certainly cheaper to offer Beg the equivalent of 20 roundtrips to the U.S. than pay for the costs related to a major bug-related outage.

Words

One for the road
Looks like the FBI hasn’t found an app for that yet — remote surveillance on smartphones, that is. Isn’t that interesting?

Off to cook dinner before the nightly Olympic debacle begins. Wonder what fresh hell the taped delayed coverage will bring?

The Just Right Fear Industry, in 18,000 Words

/5 Comments/in , , , /by

Steven Brill thinks we’re not worried enough about bioterrorism and dirty bombs. He makes that argument even while acknowledging that a dirty bomb attack launched in Washington DC would result in just 50 additional cancer deaths. And curiously, his extensive discussion about germ threats (inspired by a Scooter Libby report, no less!) doesn’t mention that the Russian military is currently struggling to contain an anthrax attack launched by a thawing reindeer.

That’s the problem with Brill’s opus: anthrax attacks only matter if they’re launched by Islamic extremist reindeers, not reindeers weaponized by climate change. (And if you were wondering, although he discusses it at length, Brill doesn’t mention that the 2001 anthrax attack, which was done with anthrax derived from a US lab, has never been solved.)

He makes a similar error when he spends 18 paragraphs focusing on what he (or his editors) dub “cyberterrorism” only to focus on OPM as proof the threat exists and includes this paragraph from Jim Comey admitting terrorists don’t yet have the capabilities to hurt us our Chinese and Russian adversaries do.

For his part, the FBI’s Comey worries more about a cyberterror onslaught directed at the private sector than one directed at the government. “These savages,” he says, “have so far only figured out how to use the internet to proselytize, not to wreak physical damage. What happens when they figure out how to use it to break into a chemical plant, or a blood bank and change the blood types? We know they are trying. And they don’t have to come here to do it.”

Biothreats and hacking are a threat. But it would be sheer idiocy to approach the problem, at this point, as primarily one of terrorism when climate change and nation-state adversaries clearly present a more urgent threat.

But it’s not just Brill who adopts some weird categorization. The article is perhaps most interesting for the really telling things he gets Comey to say, as when he suggests FBI drops investigations when they hear a “wing nut” making bomb threats in a restaurant.

“Think about it from our perspective,” Comey said when I asked about this. “Suppose someone is overheard in a restaurant saying that he wants to blow something up. And someone tells us about it. What should we do? Don’t we need to find out if he was serious? Or was he drunk? The way to do that is to have someone engage him in an undercover way, not show up with a badge and say, ‘What are your thoughts in regard to terrorism?’ ”

“Plenty of times it’s a wing nut or some drunk, and we drop it,” he continued.

I actually think the FBI, as an institution, is better than this. But to have the FBI Director suggest his bureau wouldn’t follow up if someone making bomb threats was deemed a radical but would if they were deemed a Muslim is really telling.

Which gets to the core of the piece. Over the course of the 18,000+ words, Brill admits — and quotes both President Obama and Comey admitting — that what makes terrorism different from the equally lethal attacks by other mentally unstable or “wing nut” types is the fear such attacks elicit.

President Obama described the difference to me this way: “If the perpetrator is a young white male, for instance—as in Tucson, Aurora, and Newtown—it’s widely seen as yet another tragic example of an angry or disturbed person who decided to lash out against his classmates, co-workers, or community. And even as the nation is shaken and mourns, these kinds of shootings don’t typically generate widespread fear. I’d point out that when the shooter or victims are African American, it is often dismissed with a shrug of indifference—as if such violence is somehow endemic to certain communities. In contrast, when the perpetrators are Muslim and seem influenced by terrorist ideologies—as at Fort Hood, the Boston Marathon bombing, San Bernardino, and Orlando—the outrage and fear is much more palpable. And yet, the fact is that Americans are far more likely to be injured or killed by gun violence than a terrorist attack.”

The FBI’s Comey agrees. “That the shooter in San Bernardino said he was doing it in the name of isil changed everything,” he told me. “It generates anxiety that another shooting incident, where the shooter isn’t a terrorist, doesn’t. That may be irrational, but it’s real.”

Nevertheless, all three — even Brill, in a piece where he takes Obama to task for not publicizing his change in dirty bomb response, refers to “deranged people and terrorists” obtaining assault weapons as if they are mutually exclusive categories — seem utterly unaware that part of the solution needs to be to stop capitulating to this fear. Stop treating terrorism as the unique, greatest threat when you know it isn’t. Channel the money being spent on providing tanks to local police departments to replacing lead pipes instead (an idea Brill floats but never endorses). Start treating threats to our infrastructure — both physical and digital — including those caused by weaponized reindeer as the threat they are.

And for chrissakes, don’t waste 18,000 words on a piece that at once scolds for fearmongering even while perpetuating that fear.

Friday: Little Fly

/12 Comments/in , , /by

Friday jazz comes to us from vocalist and bassist Esperanza Spalding, one of my personal favorites. She’s the first jazz musician to ever win the Grammy Award for Best New Artist, awarded only a handful of months after this featured performance from 2010.

My favorite tune of the three she performs here is Apple Blossom — it never fails to make me sniffle. Spalding plays more than just the double bass; sample her more progressive work on electric bass here. Want something a bit more traditional? Try her upbeat bluesy rendition of On the Sunny Side of the Street. Or maybe a little pop rock slice with her tribute to Stevie Wonder, Overjoyed.

Wheels and steals
Volkswagen:

  • Whiny op-ed complains about poor, poor Volkswagen (WSJ) — Aw, poor fraudulent enterprise lied and ripped off the American public for a decade while other automakers in the U.S. complied with emissions laws. Murdoch-NewsCorp outlet Wall Street Journal wants us to take pity on the bastards who did not care one whit they were literally poisoning U.S. citizens while lying to customers and dealers, let alone poisoning and lying to tens of millions of customers abroad. Look, they broke U.S. laws for nearly ten years. They made interest and capital gains on the money they gained from their illegal efforts. They can make the customers they defrauded whole and they can do something to fix the damage they wreaked on our environment. And they should be punished for breaking laws on top of reparations. Anything less is a neoliberal blowjob to a company which cannot compete fairly inside the U.S.
  • VW passenger diesel owners need additional protections (Reuters) — The current settlement offered by VW in federal court does not provide a secondary level of protection to consumers says the consumer advocacy journal, needed if the proposed fix to the emissions cheating diesel vehicles does not work. These vehicle owners should be able to opt for buy-back. The amount offered also undervalues retail prices on alternative replacement vehicles, Consumer Reports said in its submission during the public comment period which ended today.

    Consumer Reports said it generally supported the settlement, but urged “regulators to wield robust oversight of Volkswagen to ensure that the company implements its recall, investment, and mitigation programs appropriately” and it called on “federal and state officials to assess tough civil penalties and any appropriate criminal penalties against the company in order to hold it fully accountable.”

  • South Korea halts sales of 80 VW vehicle models (NBCNews) — This is what the U.S. could have done to VW given the scale of fraud, emissions cheating, and the lack of actual “clean diesel” passenger technology available to remedy both 2.0L and 3.0L engine vehicles. The 80 models now banned for non-compliance with emissions and noise pollution laws as well as document forgery include VW, Audi and Bentley vehicles. VW has also been slapped with $16.06 million fine, which is extremely light considering VW broke not only emissions laws while fraudulently misrepresenting the vehicles’ attributes.
  • West Virginia’s suit against VW amended (Hastings Tribune) — WVa Attorney General expanded the suit to include VW parent group as well as Audi and Porsche brands. Bosch, the manufacturer of VW’s electronic control units which were programmed to defeat emissions controls, is included in the lawsuit.
  • Fewer Americans buying VW vehicles (Business Insider) — No surprise, given the emissions controls cheating scandal, the pricey labels, iffy reliability, and a product lineup that doesn’t match the U.S.’ market demand. It may be a long time before VW digs itself out of its hole here.

NOT Volkswagen:

  • Two Houston thieves hack Jeep and Dodge cars (Phys.org) — Hacking pirated computer software used by auto technicians and dealers, two men tweaked Fiat Chrylser model vehicles’ security codes so their key worked. The thieves were picked up driving a stolen Jeep Grand Cherokee after police focused on an area where a high number of vehicle thefts occured.
  • White hat hackers proved Chrysler’s anti-hack update breachable (The Register) — Last year Charlie Miller and Chris Valasek showed Fiat Chrysler’s wireless feature could be hacked remotely to take control of a car. At Black Hat 2016 this week the same duo showed how they could defeat Fiat Chrysler’s firmware update which the automaker pushed to patch the vulnerability. But in terms of ease and speed, the two thieves in Houston might actually have a faster approach to taking control of a vehicle.
  • 28-year-old cracks up his brother’s car while playing Pokémon GO (The Guardian) — Dude. Really? You’re lucky to be alive or that you didn’t kill someone else. This is the kind of generational stupid old-man-yelling-at-clouds Clint Eastwood should take a poke at instead of doubling down on his closeted racism.
  • Self-driving feature in Tesla X may have saved its driver (CNBC) — Driver suffered a pulmonary embolism while on the road; the vehicle took him to the hospital. Article says the driver “was able to steer the car the last few meters” suggesting he was conscious and in control if limited in capacity. No further details were included to describe how the vehicle switched from its original route to the hospital.

Because opening ceremonies begin tonight at the Rio Olympics, I’ll leave you here. Catch you Monday — have a safe and restful weekend!

Tear Up Texas, Tear Up Another Encryption Claim

/in /by

Both the Intercept and the Daily Beast have reported on this eye-popping exchange from the criminal complaint charging Erick Hendricks with conspiracy to provide material support for terrorism, showing an undercover FBI employee advising one of the future Garland gunmen to “tear up Texas” in the days before the attack.

[Allegedly] Elton Simpson: Did u see that link I posted? About texas? Prob not.

UCE: [states he doesn’t have Simpson’s Twitter handle]

Simpson: [posts link to Draw Prophet Mohammed Contest

UCE: Tear up Texas.

Simpson: Bro, u don’t have to say that… U know what happened in Paris… I think … Yes or no …?

UCE: Right

Simpson: So that goes without saying … No need to be direct.

[snip]

UCE-1 subsequently traveled to Garland, Texas and was present on or about May 3, 2015, at the event.

[snip]

UCE-1 claimed to have been the “eyes” of Hendricks, to have seen Simpson and Soofi be killed, and stated that “Cops almost shot me.”

In other words, FBI had an officer onsite, scoping out the event, who was in communication with both Elton Simpson and Hendricks, the latter of whom may have been inciting a disruption (the evidence doesn’t clearly support he ordered the attack, though it is certainly possible; the complaint accuses hid of conspiring with someone DB IDed as Amir Said Abdul Rahman al-Ghazi, a cooperating witness, not the Garland shooters). Indeed, the undercover officer encouraged the attack with his “Tear up Texas.”

This raises big questions about the attack itself. But it also raises questions about a claim Jim Comey made in December 2015, when arguing about the dangers of encryption.

That morning, before one of those terrorists left and tried to commit mass murder, he exchanged 109 messages with an overseas terrorist. We have no idea what he said, because those messages were encrypted.

That’s interesting because the affidavit provides extensive details, based in part on Amir Said Abdul Rahman Al-Ghazi’s admissions to law enforcement, and based in part on one of Simpson’s phones obtained by the FBI, how Hendricks would coach people to move back and forth from Twitter to three other “secret” (presumably encrypted) messaging apps, as well as either Tor or a VPN. Certainly, the FBI has Simpson’s side of “secret” conversations. There’s no mention of the other Garland shooter, Nadir Soofi, but the affidavit at least appears to suggest Hendricks was playing a key broker role. So any communications with him would presumably be partly mirrored in what the Garland shooters said. Certainly, the FBI has a great deal of metadata that has been useful in filling in the network its 4 informants and 1 undercover officer haven’t already filled in.

That doesn’t mean the FBI was then or has since been able to crack these 109 encrypted messages.

But the claim sounds a lot less alarming when you say, “We weren’t able to decrypt 109 social media messages though we were watching other messages in real time and had an FBI officer present at the attack.”

Thursday: Move

/10 Comments/in , , , /by

Need something easy on the nerves today, something mellow, and yet something that won’t let a listener off too lightly. Guess for today that’s John Legend’s Tiny Desk Concert.

I promised reindeer tales today, haven’t forgotten.

From Anthrax to Zombies

  • First outbreak in 75 years forces evacuation of reindeer herders (The Siberian Times) — The last outbreak in the Siberian tundra was in 1941; news of this outbreak broke across mainstream media this past week, with some outlets referring to it as a “zombie” infection since it came back from dormancy, likely rising from a long-dead human or animal corpse.
  • Infected reindeer corpses to be collected and destroyed (The Barent Observer) — A lot of odd details about anthrax and its history pop up as the outbreak evolves. Like the mortality rate for skin anthrax (24%) and the alleged leak of anthrax from a Soviet bio-warfare lab in 1979. Reindeer deaths were blamed initially on unusually warm weather (~30C); the same unusually warm weather may have encouraged the release of long-dormant anthrax from the tundra.
  • Siberian outbreak may have started five weeks earlier (The Siberian Times) — Russia’s Federal Service for Veterinary and Phytosanitary Surveillance senior official is angry about the slow response to the first diagnosis; the affected region does not have strong veterinary service, and it took a herder four days’ walk across the tundra to inform authorities about an infection due to a lack of communications technology. The situation must be serious as the Health Minister Veronika Skvortsova has now been vaccinated against anthrax. Reports as of yesterday indicate 90 people have been hospitalized, 23 of which have been diagnosed with anthrax, and one child died. The form most appear infected with is intestinal; its mortality rate is a little over 50%. Infection is blamed on anthrax-contaminated meat; shipment of meat from the area is now banned. Russian bio-warfare troops have established a clean camp for the evacuated herder families until the reindeer corpses have been disposed of and inoculations distributed across the area’s population.
  • Important: keep in mind this Siberian outbreak may be unusual for its location, but not across the globe. In the last quarter there have been small anthrax outbreaks in Indonesia, Kazakhstan, Kenya, Bangladesh, and Bulgaria. Just search under Google News for “anthrax” stories over the last year.
  • Coincidentally, anthrax drug maker filed and received FDA’s ‘orphan status’ (GlobeNewsWire) — There have been so few orders for anthrax prophylaxis vaccine BioThrax that specialty biopharmaceutical company Emergent BioSolutions requested ‘orphan status’ from the FDA, granted to special therapies for rare conditions affecting less than 200,000 persons in the U.S. The status was awarded mid-June.
  • Investor sues anthrax drug maker for misleading expectations (Washington Business Journal) — Suit filed against the company and executives claims Emergent BioSolutions mislead investors into thinking the company would sell as many doses of BioThrax to the U.S. government during the next five years as the preceding five years. On the face of it, investor appears to expect Emergent BioSolutions to predict both actual vaccine demand in advance along with government funding (hello, GOP-led Congress?) and other new competitors in the same marketspace. Seems a bit much to me, like the investor feels entitled to profits without risk. Maybe they’ll get lucky and climate change will increase likelihood of anthrax infections — cha-ching.
  • Another coincidence: Last Friday marked 8 years since anthrax researcher Bruce Ivin’s death (Tulsa World) — And this coming Saturday marks six years since the FBI released its report on the anthrax attacks it blamed on Ivins.

Cybernia

  • Facebook let police shut down feed from negotiations resulting in another civilian-death-by-cop (The Mary Sue) –Yeah, we wouldn’t want to let the public see the police use deadly force against an African American mother and her five-year-old child instead of talking and waiting them out of the situation as they do so many white men in armed confrontations. And now police blame Instagram for her death. Since when does using Instagram come with an automatic death warrant?
  • Can GPS location signals be spoofed? Yep. (IEEE) — It’s possible the U.S. Navy patrol boats caught in Iran’s waters may have relied on spoofed GPS; we don’t know yet as the “misnavigating” incident is still under investigation. This article does a nice job explaining GPS spoofing, but it leaves us with a mystery. GPS signals are generated in civilian and military formats, the first is unencrypted and the second encrypted. If the “misnavigated” patrol boats captured by Iran in January were sent spoofed GPS location data, does this mean U.S. military encryption was broken? The piece also ask about reliability of GPS given spoofing when it comes to self-driving, self-navigating cars. Oh hell no.
  • Security firm F-Secure releases paper on trojan targeting entities involved in South China Sea dispute (F-Secure) — The Remote Access Trojan (RAT) has been called NanHaiShu, which means South China Sea Rat. The RAT, containing a VBA macro that executes an embedded JScript file, was spread via email messages using industry-specific terms. The targets were deliberately selected for spearfishing as the senders knew the users did not lock down Microsoft Office’s default security setting to prevent macro execution. The malware had been in the wild for about two years, but its activity synced with events related to the South China Sea dispute.

Tomorrow’s Friday, which means jazz. Guess I’d better start poking around in my files for something good. Catch you later!

Tuesday: Allez Vous F

/18 Comments/in , , /by

J’adore Stromae. I’m not in the hip hop demographic, but Stromae — whose real name is Paul Van Haver — pulls me in. This multi-talented artist born to a Rwandan father and a Belgian mother pulls together multiple genres of music laced with compelling au courant lyrics presented with stunning visual effects — how could I not love him?

This particular song, Papatouai, has a strong psychic undertow. This song asks where Papa is; the lyrics and video suggest an emotionally or physically distant father. Van Haver’s own father was killed in the Rwandan genocide when he was not yet ten years old. Is this song about his own father, or about inaccessible fathers in general? The use of older African jazz rhythms emphasizes retrospection suggesting a look backward rather than forward for the missing father figure(s). More than a third of a billion views for this video say something important about its themes.

Much of Stromae’s work is strongly political, but it conveys the difficulty of youth who are multi-racial/multi-ethnic unsatisfied with the binaries and economic injustices forced on them by oldsters. A favorite among kids I know is AVF (Allez Vous Faire):

“Allez vous faire!”
Toujours les mêmes discours, toujours les mêmes airs,
Hollande, Belgique, France austère.
Gauches, ou libéraux, avant-centres ou centristes,
Ça m’est égal, tous aussi démagos que des artistes.

Go fuck yourselves!
Always the same words, always the same airs.
Holland, Belgium, France, austere.
Right or Left? Moderate or Extremist?
They’re all the same to me – the demagogues and the artists.

Remarquable et pertinent, non? I’m also crazy about Tous Les Mêmes, a trans- and cis-feminist song with a marvelous old school Latin beat simmering with frustration. But there’s not much I don’t like by Stromae; I can’t name a song I wouldn’t listen to again and again.

If you’re ready for more Stromae, try his concert recorded in Montreal this past winter. So good.

Expedition to the Cyber Pass

  • UK wireless firm O2 customer data breached and sold (BBC) — O2 customers who were gamers at XSplit had their O2 account data stolen. The approach used, credential stuffing, relies on users who employ the same password at multiple sites. Wonder how Verizon’s recent hiring of O2’s CEO Ronan Dunne will play out during the integration of Yahoo into Verizon’s corporate fold, given Verizon’s data breach? Will Dunne insist on mandatory 2FA policy and insure Verizon and Yahoo accounts can’t use the same passwords?
  • Speaking of Yahoo: 200 million credentials for sale (Motherboard) — Yahoo’s Tumblr had already been involved in a massive breach, now there’s Yahoo accounts available on the dark web. Given the Verizon breach already mentioned, it’s just a matter of time before these accounts are cross-matched for criminal use.
  • Oracle’s not-so-good-very-bad-too-many 276 vulnerabilities patched (Threatpost) — Whew. Two. Hundred. Seventy. Six. That’s a lot of risk. Good they’re all patched, but wow, how did Oracle end up with so many to begin with? Some of them are in products once owned by Sun Microsystems, including Java. Maybe Oracle ought to rethink Java’s licensing and work with the software community to develop a better approach to patching Java?
  • F-35 ready, says USAF — kind of (Bloomberg) — Massively expensive combat jet now up for ‘limited combat use’, except…

    The initial aircraft won’t have all the electronic combat, data fusion, weapons capacity or automated maintenance and diagnostics capabilities until the most advanced version of its complex software is fielded by 2018.

    Uh, what the hell did we spend a gazillion-plus bucks on if we don’t have aircraft with competitive working electronics?

Light load today, busy here between getting youngest ready for college and primary day in Michigan. YES, YOU, MICHIGANDER, GO VOTE IN THE PRIMARY! Polls close at 8:00 p.m. EDT, you still have time — check your party for write-in candidates. You can check your registration, precinct, ballot at this MI-SOS link.

The rest of you: check your own state’s primary date and registration deadlines. Scoot!

Did Wikileaks Do US Intelligence Bidding in Publishing the Syria Files?

/34 Comments/in , /by

Consider this nutty data point: between CNN’s Reliable Sources and NBC’s Meet the Press, Julian Assange was on more Sunday shows today than John McCain, with two TV appearances earlier this week.

Sadly, even in discussions of the potential that the DNC hack-plus-publication amounts to tampering with US elections, few seem to understand that evidence at least suggests that Wikileaks — not its allegedly Russian source — determined the timing of the release to coincide with the Democratic National Convention. Guccifer 2, at least, was aiming to get files out earlier than Wikileaks dumped them. So if someone is tampering, it is Julian Assange who, I’ve noted, has his own long-standing gripes with Hillary Clinton (though he disclaims any interest in doing her harm). If his source is Russia, that may just mean they had mutual interest in the publication of the files; but Assange claims to have determined the timing.

Since Wikileak’s role in the leak has been downplayed even as Assange has made the media rounds, since the nation’s spooks claim that publishing these documents is what makes it different, I want to consider this exchange Assange had with Chuck Todd:

CHUCK TODD:

All right. Let me ask you this. Do you, without revealing your source on this, do you accept information and leaked documents from foreign governments?

JULIAN ASSANGE:

Well, our publishing model means that what we publish is guaranteed to be true. That’s what we’re concerned about. That’s what our readers are concerned about. That’s the right of the general public, to not–

[snip]

CHUCK TODD:

Does that not trouble you at all, if a foreign government is trying to meddle in the affairs of another foreign government?

JULIAN ASSANGE:

Well, it’s an interesting speculative question that’s for the press and others to perhaps–

CHUCK TODD:

That doesn’t bother you? That is not part of the WikiLeaks credo?

JULIAN ASSANGE:

Well, it’s a meta story. If you’re asking would we accept information from U.S. intelligence that we had verified to be completely accurate, and would we publish that, and would we protect our sources in U.S. intelligence, the answer is yes, of course we would. [my emphasis]

Sure, at one level this is typical Assange redirection. When Todd asked if he’d accept files from Russia, Assange instead answered that he would accept them from the United States.

But it may not be so farcical as it seems. Consider the case of the Syria Files Wikileaks posted in spring 2012, at the beginning of the time the US was engaging in covert operations in Syria. They contained embarrassing information on Bashar al-Assad, his wife, and close associates, as well as documents implicating western companies that had facilitated Assad’s repression. Even at the time, people asked if the files were a western intelligence pys-op, though they were explicitly sourced to various factions of Anonymous. Then, between Jeremy Hammond and Sabu’s sentencing processes, it became clear that in January 2012, the latter identified targets for Anonymous hackers, targets that include the Syrian government.

An informant working for the F.B.I. coordinated a 2012 campaign of hundreds of cyberattacks on foreign websites, including some operated by the governments of Iran, Syria, Brazil and Pakistan, according to documents and interviews with people involved in the attacks.

Exploiting a vulnerability in a popular web hosting software, the informant directed at least one hacker to extract vast amounts of data — from bank records to login information — from the government servers of a number of countries and upload it to a server monitored by the F.B.I., according to court statements.

[snip]

The sentencing statement also said that Mr. Monsegur directed other hackers to give him extensive amounts of data from Syrian government websites, including banks and ministries of the government of President Bashar al-Assad. “The F.B.I. took advantage of hackers who wanted to help support the Syrian people against the Assad regime, who instead unwittingly provided the U.S. government access to Syrian systems,” the statement said.

What’s not known (as multiple reports say is still not known about the DNC hack) is whether the specific files the Sabu-directed Anonymous hackers obtained were the same ones that Wikileaks came to publish, though the timing certainly works out. It’s a very distinct possibility. In which case Assange’s comment may be more than redirection, but instead a reminder that Wikileaks has played the analogous role in US-directed hack-and-publish operation, one designed to damage Assad and his western allies. If those documents did ultimately come via FBI direction of Sabu, then Assange might be warning US spooks that their own similar actions could be exposed if he were asked to reveal more about any Russian role in the DNC hack.

Two (Three, Four?) Data Points on DNC Hack: Why Does Wikileaks Need an Insurance File?

/15 Comments/in , /by

Actually, let me make that three data points. Or maybe four.

First, Reuters has reported that the DCCC has also been hacked, with the hacker apparently believed to be the same entity (APT28, also believed to be GRU). The hackers created a spoof version of ActBlue, which donors use to give money to campaigns.

The intrusion at the group could have begun as recently as June, two of the sources told Reuters.

That was when a bogus website was registered with a name closely resembling that of a main donation site connected to the DCCC. For some time, internet traffic associated with donations that was supposed to go to a company that processes campaign donations instead went to the bogus site, two sources said.

The sources said the Internet Protocol address of the spurious site resembled one used by Russian government-linked hackers suspected in the breach of the DNC, the body that sets strategy and raises money for the Democratic Party nationwide.

That would mean hackers were after either the donations themselves, the information donors have to provide (personal details including employer and credit card or other payment information), or possibly the bundling information tied to ActBlue.

Second, Joe Uchill, who wrote one of the stories — on two corrupt donors to the Democratic Party — that preceded both publication at the Guccifer 2 site and Wikileaks, said Guccifer gave him the files for the story because Wikileaks was dawdling in publishing what they had.

Screen Shot 2016-07-29 at 12.59.01 PM
Guccifer posted some of the documents Uchill used here.

This detail is important because it says Julian Assange is setting the agenda (and possibly, the decision to fully dox DNC donors) for the Wikileaks release, and that agenda does not perfectly coincide with Guccifer’s (which is presumed to be a cut-out for GRU).

As I’ve noted, Wikileaks has its own beef with Hillary Clinton, independent of whom Vladimir Putin might prefer as President or any other possible motive for Russia to do this hack.

Now consider this bizarre feature of several high level leak based stories on the hack: the claim of uncertainty about how the files got from the hackers to Wikileaks. This claim, from NYT, seems bizarrely stupid, as Guccifer and Wikileaks have both said the former gave the latter the files.

The emails were released by WikiLeaks, whose founder, Julian Assange, has made it clear that he hoped to harm Hillary Clinton’s chances of winning the presidency. It is unclear how the documents made their way to the group. But a large sampling was published before the WikiLeaks release by several news organizations and someone who called himself “Guccifer 2.0,” who investigators now believe was an agent of the G.R.U., Russia’s military intelligence service

The claim seems less stupid when you consider these two cryptic comments from two equally high level sourced piece from WaPo. In a story on FBI’s certainty Russia did the hack(s), Ellen Nakashima describes that the FBI is less certain that Russia passed the files to Wikileaks.

What is at issue now is whether Russian officials directed the leak of DNC material to the anti-secrecy group WikiLeaks — a possibility that burst to the fore on the eve of the Democratic National Convention with the release of 20,000 DNC emails, many of them deeply embarrassing for party leaders.

The intelligence community, the officials said, has not reached a conclusion about who passed the emails to WikiLeaks.

“We have not drawn any evidentiary connection to any Russian intelligence service and WikiLeaks — none,” said one U.S. official. Doing so will be a challenge, in part because the material may not have been passed electronically. [my emphasis]

The claim appears this way in a more recent report.

The bureau is trying to determine whether the emails obtained by the Russians are the same ones that appeared on the website of the anti-secrecy group WikiLeaks on Friday, setting off a firestorm that roiled the party in the lead-up to the convention.

The FBI is also examining whether APT 28 or an affiliated group passed those emails to WikiLeaks, law enforcement sources said.

Now, the doubts about whether the files were passed electronically is thoroughly fascinating. I assume the NSA has Assange — and potentially even the Wikileaks drop — wired up about 100 different ways, so the questions about whether the files were passed electronically may indicate that they didn’t see them get passed in such a fashion.

Add in the question of whether they’re even the same emails! We know the DCCC hack is targeting donor information. The Wikileaks release included far more than that. Which raises the possibility GRU is only after donor information (which is part of, but just one part of, what Guccifer has released).

But then there’s this detail. On June 17, Wikileaks released an insurance file — a file that will be automatically decrypted if Wikileaks is somehow impeded from releasing the rest of the files. It has been assumed that the contents of that file are just the emails that were already released, but that is almost certainly not the case. After all, Wikileaks has already released further documents (some thoroughly uninteresting voice mails that nevertheless further impinge on the privacy of DNC staffers). They have promised still more, files they claim will be more damaging. Indeed, Wikileaks claims there’s enough in what they have to indict Hillary, though such claims should always be taken with a grain of salt. Correction: That appears to have been a misunderstanding about what Assange said about the previously released State emails.

But here’s the other question.

There’s no public discussion of Ecuador booting Assange from their Embassy closet (though I’m sure they’re pretty tired of hosting him). His position — and even that of Wikileaks generally — seems pretty stable.

So why does Assange believe they need an insurance file? I don’t even remember the last time they issued an insurance file (update: I think it was when they released an insurance file of Chelsea Manning’s documents). So is there someone else in the process that needs an insurance file? Is there someone else in the process that would use the threat of full publication of the files (which presumably is going to happen anyway) to ensure safety?

I’ll leave that question there.

That said, these data point confirms there are at least two players with different motivations: Wikileaks, and the Russian hackers. But the FBI isn’t even certain whether the files the Russians took are the same that Wikileaks released, which might suggest a third party.

Meanwhile, James Clapper (who thankfully is willing to poo poo claims that hacks that we ourselves do are unique) seems very interested in limiting the panic about this hack.

Update: Oh! I forgot this fifth data point. This absolutely delightful take-down of Debbie Wasserman Schultz includes this claim that Wikileaks has malware in its site, which I’ve asked around and doesn’t seem to be true.

Staff members were briefed in a Tuesday afternoon meeting in Washington that their personal data was part of the hack, as were Social Security numbers and other information for donors, according to people who attended. Don’t search WikiLeaks, they were told — malware is embedded throughout the site, and they’re looking for more data.

Who told the DNC Wikileaks is releasing malware, and why?

Update: here’s what the malware claim is about: When it posted the “AKP emails,”  WL either added or did not remove a bunch of malware included in those emails, and as a result, that malware is still posted at the site. That is, the malware is associated with a separate set of documents available at the site.

Friday: Possibility

/13 Comments/in , , , /by

Let’s try a Swedish import today, a little something I can’t really classify by a particular genre. This piece is one of my favorites, one of the most haunting tunes I’ve ever heard. It’s probably dream pop for lack of a better label. Lykke Li’s most popular works tend toward indie and synth-pop, sharing a strong rhythm and English lyrics melded with Lykke Li’s unearthly vocals.

Try out I Follow Rivers (dance/synth-pop) and Sadness Is A Blessing (retro indie pop) for comparison. The latter in particular has a funky video featuring another famous Swedish artist, Stellan Skarsgård. Love his understated effort which acts like a punctuation to the singer’s work.

Speaking of Sweden…

Carl Bildt, a former prime minister of Sweden (1991-1994) and former Minister for Foreign Affairs (2006-2014), tweeted on Wednesday:

I never thought a serious candidate for US President could be a serious threat against the security of the West. But that’s where we are.

Bildt is known for his conservative politics and neoliberal business ethics. Pretty sure he wasn’t referring to Clinton.

Turkic troubles

  • Insane numbers of people arrested or detained after Turkey’s anti-Gülenist crackdown (EWN) — Graphic in article offers a breakdown. Doesn’t break out the journalists arrested; see Mahir Zeynalov’s timeline for a journo-by-journo roll call.
  • UN Special Rapporteur and OSCE worried about Turkey’s journalists (OSCE) — UN Special Rapporteur on the right to freedom of opinion and expression and the Organization for Security and Cooperation in Europe Representative on Freedom of the Media condemned President Erdoğan’s purge of journalism attacking free speech. The numbers bolster their concerns:

    Reports indicate that the Government ordered the closure of three news agencies, 16 TV channels, 23 radio channels, 45 papers and 15 magazines. Since the attempted coup, authorities have issued arrest warrants against 89 journalists and have already arrested several of them, blocked access to more than 20 news websites, revoked the licenses of 29 publishing houses, and cancelled a number of press accreditations.

  • Generals stepped down as military rejiggered (Euronews) — Looks like the president is grabbing power over the military in the same way the judiciary’s independence has now been smashed by removals from office. Hey, anybody worried at all about Incirlik air base while the Turkish military is reformulated?

Economic emesis

  • Investors ‘totally lost’ (Business Insider) — Credit Suisse’s clients are casting about for direction because there’s no strong performance in the market across any industry, and indicators are confusing:

    Here’s a summary of what clients are worried about: workers fighting back in the US, hitting earnings; equities still not cheap; US growth mixed; China still screwed; central banks’ empty policy cupboards; politics being nuts (protectionism, anti-immigration moves, anticorporate feeling); and technology running rampant and destroying business models.

    Yeah, about the “workers fighting back”…perhaps if workers were better paid, making a living wage, all of the confusion would evaporate as consumption improved. There’s a reason home ownership rates have dropped below 1965 levels and it’s not because Millennials don’t want them (really crappy blame-casting, CNBC, catch the cluestick).

  • Nevada utilities commish not reappointed due to solar energy rate structure (Las Vegas Sun) — Something about this story tweaks my hinky-meter. Maybe a certain commissioner has friends who don’t want solar energy to become competitive? Which is really a shame considering the Tesla’s new Wonderwall battery plant now in the Reno area.
  • Five-year-long shortage of cancer drug forces reliance on disqualified Chinese maker (Bloomberg) — There’s been a shortage of doxorubicin since 2011, and companies the size of Pfizer — the largest pharma company in the world — rely on a facility in China banned by the FDA because of quality problems like contamination. What the hell is wrong with this picture?
  • Kazahk emigre sentenced for export violations (The Hill) — How did this guy pull off exporting dual-use technology to Russia for ten years? Doesn’t look like it took much effort based on available information. Have we cut regulatory oversight so much and been so distracted at the same time that we’ve given away the farm?

Something STEMmed

  • TSA’s keys compromised (TechCrunch) — Hacking’s not just for software. All seven of TSA’s master keys have been cloned; anybody can 3D print one and unlock baggage with TSA-approved padlock. Why even bother locking stuff? Of course bags can be so damaged during handling the lock may be worthless anyhow. Makes you wonder how many other physical security devices can be defeated with 3D printing.
  • Bees’ sperm dramatically affected by insecticides (SFGate) — Hey dudes, especially you in Congress. Maybe you ought to ask if insecticides reduce bees’ sperm production by 40% whether human sperm might also be similarly affected? Just sayin’.
  • Huge great white shark trolls family’s boat off east coast (Cape Cod Chronicle) — But there’s an app for that; they could ‘see’ him coming, thanks to an app which monitored the tag. Mixed feelings on this: glad the family was safe, but jeepers, how else can this tag be used?

Oikonomia
How screwed up is the United Kingdom post-referendum vote and how jacked up is the current economic system, when a disabled theoretical physicist and cosmologist must beg in an op-ed for his country to reconsider its understanding and reaction to wealth?

Worth recalling the word ‘economics’ originated from the Greek ‘oikonomia’, meaning “household management.”

Have a safe, relaxing weekend!