Posts

Minority Report: A Look at Timing of WannaCry and Trump’s Spillage

CAVEAT: Note well these two points before continuing —

1) Check the byline; this is Rayne, NOT Marcy; we may have very different opinions on matters in this post.

2) This post is SPECULATIVE. If you want an open-and-shut case backed by unimpeachable evidence this is not it. Because it addresses issues which may be classified, there may never be publicly-available evidence.

Moving on…

Like this past week’s post on ‘The Curious Timing of Flynn Events and Travel Ban EO‘, I noticed some odd timing and circumstances. Event timing often triggers my suspicions and the unfolding of the WannaCry ransomware attack did just that. WannaCry didn’t unfold in a vacuum, either.

Timeline (Italics: Trump spillage)

13-AUG-2016 — Shadow Brokers dumped first Equation Group/NSA tools online

XX-XXX-201X — Date TBD — NSA warned Microsoft about ETERNALBLUE, the exploit which Microsoft identified as MS17-010. It is not clear from report if this warning occurred before/after Trump’s inauguration.

XX-FEB-2017 — Computer security firm Avast Software Inc. said the first variant of WannaCry was initially seen in February.

14-MAR-2017 — Microsoft released a patch for vulnerability MS17-010.

14-APR-2017 — Easter weekend — Shadow Brokers dumps Equation Group/NSA tools on the internet for the fifth time, including ETERNALBLUE.

(Oddly, no one noted the convenience to Christian countries celebrating a long holiday weekend; convenient, too, that both western and eastern Orthodox Christian sects observed Easter on the same date this year.)

10-MAY-2017White House meeting between Trump, Foreign Minister Sergei Lavrov, and Ambassador Sergey Kislyak. No US media present; Russian media outlet TASS’ Washington bureau chief and a photographer were, however.

12-MAY-2017 — ~8:00 a.m. CET — Avast noticed increased activity in WannaCry detections.

[graphic: Countries with greatest WannaCry infection by 15-MAY-2017; image via Avast Software, Inc.]

12-MAY-2017 — 3:24 a.m. EDT/8:24 a.m. BST London/9:24 a.m. CET Madrid/10:24 a.m. MSK Moscow — early reports indicated telecommunications company Telefonica had been attacked by malware. Later reports by Spanish government said, “the attacks did not disrupt the provision of services or network operations…” Telefonica said the attack was “limited to some computers on an internal network and had not affected clients or services.”

12-MAY-2017 — 10:00 a.m. CET — WannaCry “escalated into a massive spreading,” according to Avast.

12-MAY-2017 — timing TBD — Portugal Telecom affected as was UK’s National Health Service (NHS). “(N)o services were impacted,” according to Portugal Telecom’s spokesperson. A Russian telecom firm was affected as well, along with the Russian interior ministry.

12-MAY-2017 — ~6:23 p.m. BST — Infosec technologist MalwareTechBlog ‘sinkholes’ a URL to which WannaCry points during execution. The infection stops spreading after the underlying domain is registered.

13-MAY-2017 — Infosec specialist MalwareTechBlog posts a tick-tock and explainer outlining his approach to shutting down WannaCry the previous evening

15-MAY-2017 — ~5:00 p.m. EDT — Washington Post reported Trump disclosed classified “code worded” intelligence to Lavrov and Kislyak during his meeting the previous Wednesday.

16-MAY-2017 — National Security Adviser H. R. McMaster said “I wanted to make clear to everybody that the president in no way compromised any sources or methods in the course of this conversation” with Lavrov and Kislyak. But McMaster did not say information apart from sources or methods had been passed on; he did share that “‘the president wasn’t even aware of where this information came from’ and had not been briefed on the source.”

The information Trump passed on spontaneously with the Russian officials was related to laptop bomb threats originating from a specific city inside ISIS-held territory. The city was not named by media though it was mentioned by Trump.

16-MAY-2017 — Media outlets reported Israel was the ally whose classified intelligence was shared by Trump.

Attack attribution

You’ll recall I was a skeptic about North Korea as the source of the Sony hack. There could be classified information cinching the link, but I don’t have access to it. I remain skeptical since Sony Group’s entities leaked like sieves for years.

I’m now skeptical about the identity of the hacker(s) behind WannaCry ransomware this past week.

At first it looked like Russia given Cyrillic character content within the malware. But this map didn’t make any sense. Why would a Russian hacker damage their own country most heavily?

[graphic: WannaCry distribution; image via BBC]

The accusations have changed over time. North Korea has been blamed as well as the Lazarus Group. Convenient, given the missile test this past week which appeared focused on rattling Russia while President Putin was attending a conference in China. And some of the details could be attributed to North Korea.

But why did the ransomware first spread in Spain through telecom Telefonica? Why did it spread to the UK so quickly?

This didn’t add up if North Korea is the origin.

Later reports said the first infections happened in western Asia; the affected countries still don’t make sense if North Korea is the perpetrator, and/or China was their main target.

Malware capability

Given the timing of the ransomware’s launch and the other events also unfolding concurrently — events we only learned about last evening — here’s what I want to know:

Can vulnerability MS17-010, on which WannaCry was based, be used as a remote switch?

Think about the kind and size of laptops still running Windows XP and Windows 8, the operating systems Microsoft had not patched for the Server Message Block 1.0 (SMBv1) vulnerability. They’re not the slim devices on which Windows 10 runs; they’re heavier, more often have hard disk drives (HDDs) and bulkier batteries. I won’t go into details, but these older technologies could be replaced by trimmer technologies, leaving ample room inside the laptop case — room that would allow an older laptop to host other resources.

Let’s assume SMBv1 could be used to push software; this isn’t much of an assumption since this is what WannaCry does. Let’s assume the software looks for specific criteria and takes action or shuts down depending on what it finds. And again, it’s not much of an assumption based on WannaCry and the tool set Shadow Brokers have released to date.

Let’s assume that the software pushed via SMBv1 finds the right criteria in place and triggers a detonation.

Yes. A trigger. Not unlike Stuxnet in a way, though Stuxnet only injected randomness into a system. Nowhere near as complicated as WannaCry, either.

Imagine an old bulky laptop running Windows XP, kitted out internally as an IED, triggered by a malware worm. Imagine several in a cluster on the same local network.

Is this a realistic possibility? I suspect it is based on U.S. insistence that a thinly-justified laptop ban on airplanes is necessary.

Revisit timing

Now you may grasp why the timing of events this past week gave me pause, combined with the details of location and technology.

The intelligence Trump spilled to Lavrov and Kislyak had been linked to the nebulous laptop threat we’ve heard so much about for months — predating the inauguration. Some outlets have said the threat was “tablets and laptops” or “electronic devices” carried by passengers onto planes, but this may have been cover for a more specific threat. (It’s possible the MS17-010 has other counterparts not yet known to public so non-laptop threats can’t be ruled out entirely.)

The nature of the threat may also offer hints at why an ally’s assets were embedded in a particular location. I’ll leave it to you to figure this out on your own; this post has already spelled out enough possibilities.

Trump spilled, the operation must be rolled up, but the roll up also must include closing backdoors along the way to prevent damage if the threat has been set in motion by Trump’s ham-handed spillage.

Which for me raises these questions:

1) Was Shadow Brokers the force behind WannaCry — not just some hacker(s) — and not just the leaking of the underlying vulnerability?

2) Was WannaCry launched in order to force telecoms and enterprise networks, device owners, and Microsoft to patch this particular vulnerability immediately due to a classified ‘clear and present danger’?

3) Was WannaCry launched to prevent unpatched MS17-010 from being used to distribute either a malware-as-trigger, or to retaliate against Russia — or both? The map above shows a disproportionate level of impact suggesting Russia was a potential target if secondary to the operation’s aim. Or perhaps Russia screwed itself with the intelligence entities behind Shadow Brokers, resulting in a lack of advance notice before WannaCry was unleashed?

4) Was WannaCry launched a month after the Shadow Brokers’ dump because there were other increasing threats to the covert operation to stop the threat?

5) Are Shadow Brokers really SHADOW BROKERS – a program of discrete roll-up operations? Is Equation Group really EQUATION GROUP – a program of discrete cyber defense operations united by a pile of cyber tools? Are their interactions more like red and blue teams?

6) Is China’s response to WannaCry — implying it was North Korea but avoiding directly blaming them — really cover for the operation which serves their own (and Microsoft’s) interests?

The pittance WannaCry’s progenitor raised in ransom so far and the difficulty in liquidating the proceeds suggests the ransomware wasn’t done for the money. Who or what could produce a snappy looking ransomware project and not really give a rat’s butt about the ransom?

While Microsoft complains about the NSA’s vulnerability hording, they don’t have much to complain about. WannaCry will force many users off older unsupported operating systems like XP, Win 7 and 8, and Windows Server 2003 in a way nothing else has done to date.

[graphic: 5-year chart, MSFT performance via Google Finance]

Mother’s Day ‘gift’?

I confess I wrestled with writing this; I don’t want to set in motion even more ridiculous security measures that don’t work simply because a software company couldn’t see their software product had an inherent risk, and at least one government felt the value of that risk as a tool was worth hiding for years. It’s against what I believe in — less security apparatus and surveillance, more common sense. But if a middle-aged suburban mom in flyover country can line up all these ducks and figure out how it works, I could’t just let it go, either.

Especially when I figured out the technical methodology behind a credible threat on Mother’s Day. Don’t disrespect the moms.

Wednesday: Time Travel

In this roundup: A short film about a mother’s time travel adventure, the Internet of Stupid Things, and more.

Read more

Tuesday: En Garde

Looks like it’s going to be a thing this week, covering women in sports. This is a marvelous example of covering a female competitor, this short film profiling U.S. Women’s Individual Foil fencer Nzingha Prescod — it’s about her and her approach to her sport, period. Does she sound like somebody who doesn’t care about the results of competition, like she’d rather have narrative surrounding it?

Her next match is tomorrow at 8:10 a.m.; I wish I could catch it live online.

[Journalism 101 fail again -- who are these competitors and what country do they play for? Which sport is this?]

[Journalism 101 fail again — who are these competitors and what country do they play for? Which sport is this?]

Another example of crappy coverage comes from BBC — can’t imagine why the UK became so white nationalist, can you? Let’s not note the countries or the individual competitors, let’s point out their attire and hint at religious and political positions at the same time. What garbage.

If you’re not already familiar with ‘male gaze‘, it’s time for a primer on this concept first theorized 41 years ago by Laura Mulvey. I don’t know if I can even call it purely feminist theory any longer though it arose because of feminism’s emergence. The way content is constructed can be political, and the way we view it can also be political; if content can be constructed for the male gaze, it can also be constructed to perform for political ideology. What we see in the BBC’s photo is both a political and sexist statement — the bikini-clad woman preferred over the fully-clothed woman whose attire has been mislabeled (it’s not a burka), the lack of identity in either case. These women are figures to be looked at for visual enjoyment and not in a manner which satisfies women but a male gaze with a particular ideological slant.

The problem with NBC’s constructed Olympic coverage is that the corporation believes it has created a ‘female gaze’ product — but women don’t feel immersed in the sports they are watching, continually disrupted by the inauthenticity of the content they are viewing. It feels forced, like we are supposed to care about the content presented apart from the actual sports on the screen based on a third (and likely straight male) party’s expectations of the female audience, but the mediation and curation process interfere with our autonomy in viewing. We feel a jarring disconnect from a state of attentive viewing into a state of critical viewing — we’re left unsatisfied.

I don’t think men are feeling any better about the content they are seeing because it fails to serve their gaze in a manner which they have always expected from the male-led sports and entertainment industries.

It’s so damned easy to fix, too.

The one entity finding a silver lining in NBC’s coverage of the Olympics? Netflix, which blames flat subscriber growth on the games’ broadcast. Hard to argue with this based on anecdotal evidence; everybody who ordinarily binges on Netflix programming and shares the experience in social media during cooler months is now complaining about NBC’s programming.

Wheels

  • Not one but THREE illegal emissions control software programs in VW’s 3.0L vehicles (Reuters) — U.S. isn’t saying how they found them but the existence of multiple programs hints at the reason for the lack of a “fix” for 3.0L passenger diesels under the terms of the proposed settlement. Volkswagen has admitted to emissions controls defeat in its 2.0L and 3.0L passenger diesel vehicles it marketed as “clean diesel” here in the U.S., but it has not been forthcoming about the emissions cheat methodology. If I had to guess, I’d say every one of the 3.0L vehicles will be bought back — because even after all this time, VW having known the cheats were discovered in 2014, the company still does not have a true fix for the 3.0L engine.
  • GM now testing self-driving Bolt in AZ (The Detroit News) — This is the second city in which GM has tested the Bolt; first tests were in San Francisco, which seems to me more challenging than Scottsdale.
  • Court case against GM starts this week (Bloomberg) — Judge will have their hands full trying to keep the case focused on whether ignition switch at fault or not given the driver’s youth and alleged reckless driving.

Wings

  • Delta’s massive outage yesterday still causing scheduling problems (Bloomberg) — System failure still attributed to power outage though interestingly Georgia Power said it was a Delta problem. No mention anywhere of other possible causes for the outage — so far.
  • Southwest’s July outage revealed enterprise problems (Bloomberg) — The crash of a single router caused massive problems which Southwest is still digging out of weeks later. Why is this airline lacking adequate failover? Why is this airline so focused on stock price now to detriment of instructure, in spite of fuel costs having fallen so much since June 2014?
  • Teen security research awarded one million flyer miles by United Airlines (ZDNet) — Olivier Beg reported 20 undisclosed bugs to the airline. The largest single reward he received was 250K miles, meaning the worst single bug he found was medium in severity. Certainly cheaper to offer Beg the equivalent of 20 roundtrips to the U.S. than pay for the costs related to a major bug-related outage.

Words

One for the road
Looks like the FBI hasn’t found an app for that yet — remote surveillance on smartphones, that is. Isn’t that interesting?

Off to cook dinner before the nightly Olympic debacle begins. Wonder what fresh hell the taped delayed coverage will bring?

Monday: Buckle up, Buttercup

After my Go-Team-Yay-Space post yesterday, it’s time for a Monday morning reality check. Going to Mars will not be a panacea to our ills, as this darkly humorous animated short, Fired on Mars by Nick and Nate, shows. On the other hand, SpaceX’s Elon Musk offers an upside while acknowledging the inherent risk of space travel and colonization: “If you’re going to choose a place to die, then Mars is probably not a bad choice.”

Certainly beats an undiginified extinction by drowning on earth, eh?

We may not be leaving the planet today, but you’d best buckle up anyhow. This week’s going to be a doozy.

Brexit, Brexit, Brexit
Say that in your best Jan Brady voice — Brexit will suck all the oxygen out of this week’s market news. I’m afraid to look at the stock market at all because of it. Euronews has a roundup on the topic (though I warn you, it’s poorly formatted — keep scrolling down the page and increase print size). I’m not posting any other UK-based links here now because it’s quite obvious each media outlet has a position and their coverage reflects it. Most blatantly obvious are those owned by Rupert Murdoch’s Newsgroup, which has prompted some angry murmurs about an Aussie living in the U.S. telling the UK what to do.

Disturbing: Mexico’s federal police fire on teachers’ protest rally
I say disturbing for two reasons: first, that a democratic government’s federal would fire on protesters supporting the CNTE teachers’ union and actively deny it happened is appalling, and second, that its neighbor’s media would ignore that it happened. Teachers and supporters have been rallying in the state of Oaxaca, protesting the government’s education reform plan, characterized by some as neoliberal. It was clear from the outset that the government was in no mood to listen, given the number of riot police in place. The protests followed the detention/disappearance days earlier by police of CNTE union leaders Francisco Manuel Villalobos Ricardez and Ruben Nuñez. Conditions degraded over the course of the day, with federal police firing upon protesters. Early accounts claimed six were killed, of which one may have been a journalist and two teacher trainees. President Enrique Pena Nieto’s government at first denied there was any violence, and then later claimed the Associated Press’ photos of the violence were false. There were enough social media reports documenting the violence on the ground to neutralize the government’s claim — and thank goodness for social media, or the U.S. would have heard very little if anything about this conflict. Not exactly the fiesta of democracy President Nieto promised when he took office in 2012. For more current information about the conflict, follow hashtags #Nochixtlan (district) and #Oaxaca in Twitter; already the death count is disputed as some claim more than eight died after yesterday’s attack by police on protesters.

It’s extremely important to remember the protesters’ anger and frustration are not merely about the ENP government’s reform plan. The 43 young men who disappeared in 2014 and are believed dead were students at a teachers’ college; the federal police have been implicated in the disappearance of these students. To date, the mass disappearance of these students has not been fully accounted for. Imagine the furor if such a mass disappearance were to happen in the U.S.

Cyber, cyber, cyber
LOL sorry, I’m on a Brady Bunch jag. Forgot to remind you last Tuesday was Patch Tuesday — make sure you’ve updated your Win-based systems if you do so manually. Can’t hurt to check all your other non-Win devices, too.

  • Adobe Flash zero day patch a higher priority than Microsoft’s monthly patch (TechTarget) — Again, if you manually patch, get to this one ASAP. I’m a manual Adobe patcher myself; I don’t automate patching because I want to know exactly how often Adobe must patch their products. It’s annoyingly often.
  • This is your brain on drugs: Too-smart identity thief busted (ABC3340-Birmingham) — Can’t tell if the drugs ate his intelligence, or if they deluded this dude. Read this, it’s like a bad episode of COPS mashed up with Monty Python.
  • SmartTVs not so smart, held ransom by Flocker (TrendLabs) — Leap of ransomware to Android smartTVs perfectly exemplifies the danger of connecting things to the internet. Interesting how this one deactivates based on select country locations. Yet another opportunity to sell protection software, too, as you’ll note in the article.

Your recommended long read: Apple’s Differential Privacy
Crytography expert Matthew Green reviews Apple’s announcement this past week regarding development of “differential privacy,” which Apple defined as:

Starting with iOS 10, Apple is using Differential Privacy technology to help discover the usage patterns of a large number of users without compromising individual privacy. To obscure an individual’s identity, Differential Privacy adds mathematical noise to a small sample of the individual’s usage pattern. As more people share the same pattern, general patterns begin to emerge, which can inform and enhance the user experience. In iOS 10, this technology will help improve QuickType and emoji suggestions, Spotlight deep link suggestions and Lookup Hints in Notes.

This is worth your time to read as differential privacy suggests new approaches to meeting the needs of marketers while preserving the privacy of consumers applying algorithmic solutions. Read it now before this stuff gets really convoluted.

Check your safety harness from time to time. Catch you tomorrow!

Thursday Not-Morning: Stupid

Jeepers. I need hip waders. There is just so damned much stupid over the last 24 hours. It’s a veritable flood.

The Future is here, and it’s stupid

  • Law firm “hires” first artificially intelligent lawyer (Futurism) — Oh how nice. Treat human misery like a fungible commodity by using IBM’s AI ‘lawyer’ Ross to process bankruptcies. Want to bet it’s cheaper to hire paralegals to do the work Ross does? Want to bet Baker & Hostetler’s Ross will be replaced by a competing internet-based firm processing bankruptcies even more inexpensively? Hey Congress: doesn’t it say something to you about the number and kind of bankruptcies when a ‘robot’ can process them?
  • Facial recognition expected to be $6 billion by 2020 (Curatti) — No invasion of privacy issues there, nor any security risks whatsoever. No chance at all two or more people have the same facial characteristics in terms of dimension.
  • Chinese tech company prepares for future where our consciousness lives forever in a computer (Bloomberg) — This is really creepy, and yet very much possible in the near-term future. If AI can nearly reproduce you from your social media, why can’t it replicate your consciousness?

The Past remains, and it’s stupid, too

  • Staffing company Portico sent home a receptionist for not wearing high heels (BBC) — A petition emerged in response, asking Parliament to outlaw such policies; 100,000 signatures mustered overnight. They’ve reversed their position today after a furor arose about their policy requiring women to wear 2-4 inch high heels on the job at a PriceWaterhouse Cooper facility. PwC says it’s not their policy. Come on now — it’s 2016, not 1956. It’s just plain stupid to ask workers of a specific gender to wear attire for looks — attire which causes discomfort and is not recommended by doctors.
  • Belgian beer company changes iconic American brand name to pander to voters (AdAge) — Take one of the oldest and most recognized U.S. brands on which hundreds of millions of dollars have been spent to entrench an immigrant’s name into the American psyche. Then remove it and replace it with the country’s name for six months. My gods, the stupid on this one. Fortunately a West Michigan brewer is taking advantage of this opportunity with ‘Murica! I could use one right about now.
  • Some SAP accounting software users attacked because they screwed up in 2010 (The Register) — Talk about time travel. I’m sure there’s some folks who’d like to go back to 2010 and execute that security patch correctly this time before hackers smite their business to smithereens.

The Present’s no gift

  • Don’t feed the sea turtles (Scientific American) — Surprise! When tourists feed junk food to sea turtles, the turtles’ health mirrors that of humans fed the same crap.
  • Study: Ransomware cybercriminals provide better, faster service than internet service providers (Nature) — Not even a rational comparison next to Comcast. Seems like there’s a market opportunity here; if crooks held a machine hostage AND offered a PC tune-up, would PC owners happily fork over cash? Hmm.
  • Marijuana use during pregnancy increases risk for pre-term birth (ScienceDaily) — What a surprise that a psychoactive drug combined with toxic by-products from smoking a plant product might have negative effects on pregnancy.

Ugh. Hope tomorrow is kinder to us. See you in the morning!

Monday Morning: Brittle

The Emperor’s Palace was the most splendid in the world, all made of priceless porcelain, but so brittle and delicate that you had to take great care how you touched it. …

— excerpt, The Nightingale from The Yellow Fair Book by Andrew Lang

Last week I’d observed that Apple’s stock value had fallen by ~7% after its financial report was released. The conventional wisdom is that the devaluation was driven by Apple’s first under-performing quarter of iPhone sales, indicating weaker demand for iPhones going forward. Commenter Ian remarked that Apple’s business model is “brittle.” This perspective ignores the meltdown across the entire stock global market caused by China’s currency devaluation, disproportionately impacting China’s consumption habits. It also ignores great untapped or under-served markets across other continents yet to be developed.

But more importantly, this “wisdom” misses a much bigger story, which chip and PC manufacturers have also reflected in their sales. The video above, now already two years old, explains very neatly that we have fully turned a corner on devices: our smartphones are and have been replacing our desktops.

Granted, most folks don’t go through the hassle of purchasing HDMI+USB connectors to attach larger displays along with keyboards. They continue to work on their phones as much as possible, passing content to and from cloud storage when they need to work from a keyboard attached to a PC. But as desktops and their attached monitors age, they are replaced in a way that supports smartphones as our main computing devices — flatscreen monitors, USB keyboards and mice, more powerful small-footprint external storage.

And ever increasing software-as-a-service (SaaS) combined with cloud storage.

Apple’s business model isn’t and hasn’t been just iPhones. Not since the debut of the iPod in October 2001 has Apple’s business model been solely focused on devices and the operating system required to drive them. Heck, not since the debut of iTunes in January 2001 has that been true.

Is there a finite limit to iPhones’ market? Yeah. Same for competing Android-driven devices. But is Apple’s business just iPhones? Not if iTunes — a SaaS application — is an indicator. As of 2014, there were ~66 million iPhones in the U.S., compared to ~800 million iTunes users. And Apple’s current SaaS offerings have exploded over time; the Apple store offers millions of apps created by more than nine million registered developers.

At least nine million registered developers. That number alone should tell you something about the real business model.

iPhones are a delivery mechanism, as are Android-based phones. The video embedded above shows just how powerful Android mobile devices can be, and the shift long underway is not based on Apple’s platform alone. If any business model is brittle right now, it’s desktop computing and any software businesses that rely solely on desktops. How does that change your worldview about the economy and cybersecurity? Did anyone even notice how little news was generated about the FBI accessing the San Bernardino shooter’s PCs? Was that simply because of the locked Apple iOS account, or was it in part because the case mirrored society’s shift to computing and communications on mobile devices?

File under ‘Stupid Michigan Legislators‘: Life sentences for automotive hackers?
Hey. Maybe you jackasses in Michigan’s state senate ought to deal with the permanent poisoning of nearly 8000 children in Flint before doing something really stupid like making one specific kind of hacking a felony worthy of a life sentence. And maybe you ought to do a little more homework on hacking — it’s incredibly stupid to charge a criminal with a life sentence for a crime as simple as entry permitted by wide-open unlocked doors. Are we going to allocate state money to chase hackers who may not even be in this country? Are we going to pony up funds for social media monitoring to catch hackers talking about breaching wide-open cars? Will this law deter citizen white hats who identify automakers’ vulnerabilities? File this mess, too, under ‘Idiotic Wastes of Taxpayers’ Money Along with Bathroom Legislation by Bigots‘. This kind of stuff makes me wonder why any smart people still live in this state.

File this, too, under ‘Stupid Michigan Legislators‘: Lansing Board of Water and Light hit by ransomware
Guess where the first ransomware attack on a U.S. utility happened? Do I need to spell it out how ridiculous it looks for the electric and water utility for the state’s capitol city to be attacked by ransomware while the state’s legislature is worrying about who’s using the right bathroom? Maybe you jackasses in Lansing ought to look at funding assessment and security improvements for ALL the state’s utilities, including both water safety and electricity continuity.

Venezuela changes clocks to reduce electricity consumption
Drought-stricken Venezuela already reduced its work week a month ago to reduce electricity demand. Now the country has bumped its clocks forward by 30 minutes to make more use of cooler early hour during daylight. The country has also instituted rolling blackouts to cutback on electricity. Cue the right-wing pundits claiming socialism has failed — except that socialism has absolutely nothing to do with a lack of rainfall to fill reservoirs.

Coca Cola suing for water as India’s drought deepens
This is a strong piece, worth a read: Whose Water Is It Anyway?

After a long battle, the UN declared in 2010 that clean water was a fundamental right of all citizens. Easier said than done. The essential, alarming question has become, ‘Who does the groundwater belong to?’ Coca Cola is still fighting a case in Kerala where the farmers rebelled against them for using groundwater for their bottling plants. The paddy fields for miles around dried up as water for Coke or the company’s branded bottled water was extracted and transported to richer urban consumers.

Who did that groundwater belong to? Who do our rivers belong to? To the rich and powerful who can afford the resources to draw water in huge quantities for their industries. Or pollute the rivers with effluent from their industries. Or transport water over huge distances at huge expense to turn it into profit in urban areas.

Justus Rosenberg: One of Hannah Arendt’s rescuers
Ed Walker brought this piece to my attention, a profile of 95-year-old Justus Rosenberg featured in this weekend’s New York Times. I love the last two grafs especially; Miriam Davenport characterized Rosenberg as “a nice, intelligent youngster with no family, no money, no influence, no hope, no fascinating past,” yet he was among those who “…were a symbol of sorts, to me, in those days […] Everyone was moving Heaven and earth to save famous men, anti-fascist intellectuals, etc.” Rosenberg was a superhero without a cape.

That’s our week started. See you tomorrow morning!

See you tomorrow morning!

Thursday Morning: Taboo You

Still on spring break around here. If I was legit on a road trip some place warm right now, you’d find me lounging in the sun, sipping fruity cocktails at all hours, listening to some cheesy exotica like this Arthur Lyman piece I’ve shared here.

Though horribly appropriative and colonialist, it’s hard not to like exotica for its in-your-face corniness. I think my favorite remains Martin Denny’s Quiet Village. It brings back memories from the early 1960s, when life was pretty simple.

Let’s have a mai tai for breakfast and get on with our day.

Urgent: Increasing number of hospitals held ransom
Last month it was just one hospital — Hollywood Presbyterian Medical Center paid out bitcoin ransom.

Last week it was three — two Prime Healthcare Management hospitals in California and a Methodist Hospital in Kentucky held hostage.

Now, an entire chain of hospitals has been attacked by ransomware, this time affecting the servers of 10 related facilities in Maryland and Washington DC. The FBI is involved in the case. Is this simple extortion or terrorism? The patients diverted from the facilities to other hospitals’ emergency rooms probably don’t care which it is — this latest attack interfered with getting care as quickly as possible. Let’s hope none of the diverted patients, or those already admitted into the MedStar Union Memorial Hospital chain, have been directly injured by ransomware’s impact on the system.

The MedStar cases spawns many questions:

  • Was any patient’s physical health care negatively affected by the ransomware attack?
  • Given the risks to human health, why aren’t hospitals better prepared against ransomware?
  • Have hospitals across the country treated ransomware as a potential HIPAA violation?
  • Was MedStar targeted because of its proximity to Washington DC?
  • Was Hollywood Presbyterian Medical Center targeted because its owner, CHA Medical Center, is South Korean?
  • Were any patients being treated at MedStar also affected by the OPM data breach, or other health insurance data breaches?
  • How much will ransomware affect U.S. healthcare costs this year and next?

Bet you can think of a couple more questions, too, maybe more than a couple after reading this:

Hospitals are considered critical infrastructure, but unless patient data is impacted there is no requirement to disclose such hackings even if operations are disrupted.

Computer security of the hospital industry is generally regarded as poor, and the federal Health and Human Services Department regularly publishes a list of health care providers that have been hacked with patient information stolen. The agency said Monday it was aware of the MedStar incident.

Apple iPhone cases emerge
After the San Bernardino #AppleVsFBI case, more law enforcement investigations relying on iPhones are surfacing in the media.

  • L.A. police crack open iPhone with fingerprints obtained under warrant (Forbes);
  • FBI will assist county prosecutor in Arkansas with iPhone belonging to alleged teen killer (Los Angeles Times); the method may be the same hack used on the San Bernardino phone, which was supposed to be a one-off (Network World);
  • ACLU found 63 other cases in which FBI used All Writs Act to obtain iPhone/Android smartphone data from Apple and Google (The Register).

Stupid stuff

  • In spite of screwing up not once but twice by releasing its racist, obnoxious Tay AI chatbot, Microsoft tripled down on a future full of chatbots you can build yourself with their tools. (Ars Technica) — Ugh. The stupid…
  • UK’s Ministry of Defense awarded funding to Massive Analytics for work on “Artificial precognition and decision-making support for persistent surveillance-based tactical support” (Gov.UK) — OMG Precog in warfare. Human-free drone attacks. What could go wrong?
  • Rich white guys queue up outside Tesla dealerships for days waiting to pre-order the new Tesla 3 (Vancity Buzz) — Vancouver, Sydney, probably other places I’m too arsed to bother with, because rich white guys.

That’s quite enough. Back to pretending I’m lying under a cerulean sky, baking my tuchis, cold drink in hand.

Wednesday Morning: Wicked Weary World

Let’s have a brunch-time salute to Belgium, which produced this fine young artist Loic Nottet. Too bad there’s not much well-produced content in YouTube yet by this youngster. He has incredible upper range reach with great potential because of the power behind his voice. Hope to hear more by him soon; he’s a sweet antidote to bitter wickedness.

All in the family
Hope you’ve read Marcy’s piece already this morning on the relevance of nuclear family units to terrorism. In addition to suicide bombers El Bakraoui brothers Marcy mentioned, it’s worth examining the other links between the November 13 attacks in Paris and the attacks in Belgium yesterday. Note the familial relationships and their first-degree network:

Brahim Abdelslam — older brother of Salah, blew himself up in Paris during the November 15 attacks. (Dead)
Salah Abdelslam — captured last Friday March 18, has admitted he ‘had planned to target Brussels.’ His location was flagged by an unusual number of pizzas delivered to an apartment where power and water had been shut off. (In custody)

Abaid Aberkan — characterized as a relation of the Abdelslams, carried Brahim’s casket at the funeral last week. (NOT a terror suspect Edit: Le Monde indicates Aberkan was arrested during Friday’s raid, but name spelled ‘Abid.’) (In custody)
Aberkan’s mother — renter/owner of Molenbeek apartment in which Salah was hiding when captured last week. (NOT a terror suspect)

Mohamed Belkaid — killed in a raid last Tuesday at an apartment in Forest district; Salah fled the apartment. (Dead)

Mohamed Abrini — A childhood friend and neighbor of Salah, his younger brother Suleymane died fighting in an Islamist militia under the direction of Abdelhamid Abaaoud. Abaaoud, the leader of the Paris attacks, died on November 18 during a police raid. Abrini had traveled with both of the Abdelslam brothers the week before the attacks in Paris. He is now on the run and sought in relation to yesterday’s attack. (Suspect)

Najim Laachraoui — traveled with Salah and Belkaid last September, under the name Soufiane Kayal. His DNA was found in three different locations: on explosives in Paris, and at two other hide-outs used by attackers. He is now sought in relation to yesterday’s attack. (Suspect)

Though we’ll hear arguments for increased internet surveillance, it’s easy to see that traditional police work could identify a terrorist network of family and friends in the same way members of an organized crime syndicate centered around a family are revealed. (Sources for the above: The Guardian and The Australian)

Other stuff going on…

  • ‘Flash Crash’ trader to be extradited to the U.S., rule British judges (France24)
  • Sextortionist Michael Ford, who ran a criminal enterprise from his work computer while employed at U.S. embassy, sentenced to four years and nine months in prison (Ars Technica) — BoingBoing notes the hypocrisy of a government demanding backdoors while failing to note such a massive misuse of its own network.
  • Another hospital held hostage by ransomware, this time in Kentucky (Krebs on Security) — STOP OPENING LINKS IN EMAIL at work, for starters. Isolating email systems from all other networked operations would be better.
  • 24 car models by 19 automakers vulnerable to keyless entry hack (WIRED–mind the ad-block hate) — Mostly foreign models affected due to the radio frequency used.

Better luck tomorrow, gang. See you in the morning.

Wednesday Morning: Place Your Bets

About 11:00 a.m. EST today President Obama will announce his nominee to the Supreme Court to fill Antonin Scalia’s seat on the bench.

Apart from Sri Srinivasan, widely mentioned as the likely nominee, who is a possible candidate? Share your guess and then place your bets on Most-Likely Nominee and offer odds on a recess appointment.

Heads up: Your browsing could put you at risk of ransomware
I suppose the news that really big and popular sites were afflicted by ransomware within the last week explains why I had yet another Adobe-brand update pushed at me. Sites affected included The New York Times, the BBC, MSN, and AOL, along with others running a compromised ad network serving ransomware.

PSA: Make sure all your data files are backed up off your PC, and have access to software to rebuild your machine, in case your device is held for ransom.

#AppleVsFBI: Apple filing in California yesterday
Funny how different the characterizations of the 26-page filing. Here’s two:

  • The Guardian (emphasis mine):

    Apple’s lawyers tried to lower the temperature in the company’s fight with the US government on Tuesday, telling a federal judge that America’s Justice Department is well-meaning but wrong in its privacy standoff with the iPhone maker.

  • Forensic scientist Jonathan Ździarski: “Here, Apple is saying, ‘If it pleases the court, tell the FBI to go fuck themselves.'”

Zika virus: even uglier than expected

Stray cats, rounded up…

  • DARPA appeals to Maker/DIY/geek-nerd types, asks them to weaponize everyday devices (IEEE Spectrum) — I find this incredibly creepy; why is DARPA doing this, if the point is to prevent harm to the public from consumer products? Why not FTC/FCC/DOE instead of the military? And what happens to the feckless DIYer who accidentally hurts someone in the course of trying this stuff at home? Will DARPA indemnify them? Or are these informal adjuncts supposed to assume liability though they are doing military and law enforcement research? And what about the participants — will their identities be “harvested” for unspecified use in the future? So much stupid.
  • US transport secretary Anthony Foxx says, “It’s not a surprise that at some point there would be a crash of any technology that’s on the road,” (The Guardian) — in regards to the recent crash of a Google self-driving car with a bus. If it’s not a surprise, why are these on the road so soon? Don’t argue humans crash; these driverless vehicles are supposed to be BETTER than humans, and the public’s roadways shouldn’t be corporate laboratories.
  • PA man charged with phishing celeb women to gain access to their personal photos and videos (The Guardian) — Oddly, he’s not charged with distribution of the celebs’ pics in what became known as ‘The Fappening.’ A perfect example of the kind of crime which would be made easier and more widespread if Apple’s security was weakened — and law enforcement struggles with tackling it now.

That’s a wrap, for now, furballs all cleaned out of the holding bins. See you tomorrow morning!

Monday Morning: Put Your Pom-poms Down

A certain state governor (or his PR team) tweeted a bunch of smack last night during the Democratic presidential candidates’ debate. Like this:

RSnyder_tweet_06MAR2016

It is to laugh. Every decision made by this administration about Flint has been about money, not about the right thing, and not even about the legal thing.

He put his pom-poms down last week long enough to lawyer up, though. Mm-hmm.

By the way, that’s the NSFW version – here’s the language-sanitized clean version of that video for your office space. Crank the volume and bring it.

All around Apple town

  • Email provider Lavabit filed an amicus brief in #AppleVsFBI, arguing the FBI’s demands could have adverse affects on businesses:

    Such precedence would likely result in many businesses moving their operations offshore, therefore, making it more difficult for law enforcement to obtain even ordinary assistance from such companies…

    Wow, sounds familiar, huh? Brief’s worth a read (pdf).

  • Apple VP of software engineering Craig Federighi wrote an op-ed for yesterday’s WaPo, restating an opinion Apple and many of its supporters already expressed:

    “…it’s so disappointing that the FBI, Justice Department and others in law enforcement are pressing us to turn back the clock to a less-secure time and less-secure technologies. …”

  • The stakes get higher in #AppleVsFBI as Apple prepares to launch several new iPhones and an iPad on March 21. We all know a decision by Judge Pym will affect these devices in the future, not just the San Bernardino shooter’s iPhone 5C.
  • And just to keep Apple users even more on their toes, there’s now Apple ransomware on the loose. So far only Mac devices have been targeted, but it’s only a matter of time before other Apple devices are similarly affected. I’d put my money on higher profile users or those using iPhones to remotely control costly systems.

Quickety-lickety

And on this day in 1876, U.S. Patent 174,465 for Improvement in Telegraphy was granted to Alexander Graham Bell.

What will they write about this day in another 140 years? Do something worth writing about.