Saturday, April 23, 2016
For my Computer Security students.
Bangladesh Bank exposed to hackers by cheap switches, no firewall: police
Bangladesh's central bank was vulnerable to hackers because it did not have a firewall and used second-hand, $10 switches to network computers connected to the SWIFT global payment network, an investigator into one of the world's biggest cyber heists said.
The shortcomings made it easier for hackers to break into the Bangladesh Bank system earlier this year and attempt to siphon off nearly $1 billion using the bank's SWIFT credentials, said Mohammad Shah Alam, head of the Forensic Training Institute of the Bangladesh police's criminal investigation department.
"It could be difficult to hack if there was a firewall," Alam said in an interview.
The lack of sophisticated switches, which can cost several hundred dollars or more, also means it is difficult for investigators to figure out what the hackers did and where they might have been based, he added.
Experts in bank security said that the findings described by Alam were disturbing.
"You are talking about an organization that has access to billions of dollars and they are not taking even the most basic security precautions," said Jeff Wichman, a consultant with cyber firm Optiv.
Tom Kellermann, a former member of the World Bank security team, said that the security shortcomings described by Alam were "egregious," and that he believed there were "a handful" of central banks in developing countries that were equally insecure.
… The police believe that both the bank and SWIFT should take the blame for the oversight, Alam said in an interview.
"It was their responsibility to point it out but we haven't found any evidence that they advised before the heist," he said, referring to SWIFT.
Another update. In short, someone with legal access to the database screwed up. Interesting read.
Overnight, I received a response from the INE with answers to some questions I had posed to them about a massive database leak of Mexican voter data. The leak had been discovered by MacKeeper researcher Chris Vickery.
Another interesting article for my Computer Security students. Phishing works!
After 24 days of updating my scratch list of incidents involving phishing for W-2 information (business email compromise), I decided to take stock and try to organize what we have so far. I was surprised to see that there were already 90 incidents. Most of these entries were found via media reports and reports to state attorneys general. Some were found via KrebsOnSecurity. In a few cases, it’s not totally clear whether an incident was a phishing attack or some other type of breach that compromised employee information.
[Full list follows…]
Reminds me of my childhood vacations at the Jersey shore. Something smells fishy. Is the FBI still trustworthy?
Federal Prosecutors Drop Court Case to Force Apple to Unlock iPhone
The Justice Department on Friday night dropped a court case trying to force Apple Inc. to help authorities open a locked iPhone, adding new uncertainty to the government’s standoff with the technology company over encryption.
In a one-page letter filed with a Brooklyn federal court Friday night, the government said an individual had recently come forward to offer the passcode to the long-locked phone. The filing means that in both of the high-profile cases pitting the Justice Department against Apple, the government first said it couldn’t open the phone, only to suddenly announce it had found a way into the device as the case proceeded in court.
… The sudden withdrawal from the case is a setback in more ways than one for the Justice Department. It leaves unchallenged a 50-page ruling by a magistrate judge concluding the government doesn’t have legal authority to force companies like Apple to help investigators open devices. It is also likely to spark further criticism from privacy advocates that government officials shouldn’t be believed when they say the only way they can open a device is with help from the manufacturer.
… The government’s move to drop the case means there is no public legal case to fight with Apple, though a February court filing indicated there were a dozen similar such cases, most of them under seal, around the country.
(Related) Erosion of trust?
Seems a bit like old news by now, but Brad Heath reports:
The FBI guards its high-tech secrets so carefully that officials once warned agents not to share details even with federal prosecutors for fear they might eventually go on to work as defense attorneys, newly disclosed records show.
A supervisor also cautioned the bureau’s “technically trained agents” in a 2003 memo not to reveal techniques for secretly entering and bugging a suspect’s home to other agents who might be forced to reveal them in court. “We need to protect how our equipment is concealed,” the unnamed supervisor wrote.
Read more on USA Today.
Scott Greenfield writes:
When the existence and capacity of Stingrays came to light, you might have thought all hell would break loose. After all, it wasn’t just the public that was kept in the dark by this monumental breach of privacy. It was judges too.
The concealment of the use of Stingray is one thing. The deceptive claim that Stingray is little more than a trap and trace device is another. But these emails go to a different place. It’s not just the government concealing their cool, secret devices from the public. Not even from criminal defense lawyers. They are lying to the courts about using them.
Read more on Simple Justice.
Not just the FBI? Does every government agency have “double secret” technology to spy?
Derrick Broze reports:
Phoenix resident Brian Clegg was concerned about a box he witnessed being installed on a power pole. Clegg said the box was facing his house and he believed it may have had cameras inside. The pole was owned by Arizona’s largest power provider, SRP, who claimed no one had permission to put the box on their pole. Brian Clegg says shortly afterwards SRP sent a crew to remove the box.
Shortly after ABC15 investigated the matter, the bureau of Alcohol, Tobacco and Firearms and Explosives (ATF), a branch of the U.S. Department of Justice, acknowledged installing the box as part of an ongoing investigation. Officials with the ATF would not provide details about their alleged investigation and would not confirm if they were conducting surveillance in the area.
Read more on Activist Post.
The “Founding Fathers” of e-government? Looks like those campaign donations do buy access. (“What’s good for General Bullmoose is good for the country!” Lil Abner)
Report finds hundreds of meetings between White House and Google
Google and its affiliates have had at least 427 meetings at the White House during President Obama’s tenure, according to data from the Campaign for Accountability and The Intercept.
The data, gleaned from White House meeting logs, showed that in all, 169 Google employees have met in the White House with 182 government officials. Not surprisingly, Google’s head of public policy, Johanna Shelton, had the most White House meetings of any Google employee, with 128.
The report highlights the access enjoyed by Google, which has an expansive lobbying operation in Washington and consistently ranks among the highest spenders. In just the first quarter of this year, Google spent $3.8 million to lobby the government.
… The numbers also show 55 times in which Google employees took jobs in the federal government, and 197 times when government employees went to work for Google.
I just stumbled across this and had to record it for use later. Remember the Ferengi?
Rules of Acquisition
Da bidness of smartifying.
Hack Education Weekly News
… “A federal judge has ruled that the Consumer Financial Protection Bureau doesn’t have the legal authority to investigate the accreditation of for-profit colleges,” The Chronicle of Higher Education reports.
… The latest in the ongoing battles over teacher tenure: “The North Carolina Supreme Court on Friday ruled unconstitutional a state law that phased out job protections for teachers who had already earned them,” The News & Observer reports.
… Via Reuters: “At least five times in the past three years, U.S. high school students were administered SAT tests that included questions and answers widely available online more than a year before they took the exam.”
… “Richard Payne, director of Douglas County School District security, spent $12,000 on 10 Bushmaster semi-automatic long rifles that will be given to the district’s in-school security guards,” Boing Boing reports.
… “Businesses, nonprofits and communities are turning to private dollars for help in establishing free community college programs,” Inside Higher Ed reports. Meanwhile, San Francisco Board of Supervisor member Jane Kim has proposed eliminating tuition at the City College of San Francisco for the city’s residents; and Kentucky’s newly approved budget would also offer “last dollar aid” for community college.
… War is Peace. Freedom is Slavery. And tracking biometrics and keystrokes will make education technology more secure.
… Note-taking by hand > note-taking by computer, according to research published in Psychological Science.
Friday, April 22, 2016
This is still an interesting topic. I wonder how the hackers would have responded to a subpoena?
FBI paid more than $1.3 million to break into San Bernardino iPhone
Federal Bureau of Investigation Director James Comey said on Thursday the agency paid more to get into the iPhone of one of the San Bernardino shooters than he will make in the remaining seven years and four months he has in his job.
According to figures from the FBI and the U.S. Office of Management and Budget, Comey's annual salary as of January 2015 was $183,300. Without a raise or bonus, Comey will make $1.34 million over the remainder of his job.
That suggests the FBI paid the largest ever publicized fee for a hacking job, easily surpassing the $1 million paid by U.S. information security company Zerodium to break into phones.
Speaking at the Aspen Security Forum in London, Comey was asked by a moderator how much the FBI paid for the software that eventually broke into the iPhone.
"A lot. More than I will make in the remainder of this job, which is seven years and four months for sure," Comey said. "But it was, in my view, worth it."
It is very easy to make an error in configuration. That’s why we suggest you have someone check your work before going live.
In today’s installment of “Epic Infosecurity #FAIL,” more than 93.4 million Mexican citizens have had their voter registration details exposed online due to a misconfigured database. Why a database with Mexican voters’ information was hosted on a server outside of Mexico, who uploaded it to Amazon, and why it wasn’t properly secured are questions in search of answers.
Last week, MacKeeper Security Researcher Chris Vickery contacted DataBreaches.net to report that he had discovered yet another misconfigured MongoDB database. This one, 132 GB in size, appeared to contain voter registration data from 93,424,710 Mexican citizens.
Vickery, who has blogged about this incident on the MacKeeper blog, provided this site with a redacted screen cap of an individual’s record:
… Although there was no information included in the leaky database that could point us to its owner or who had uploaded it to Amazon cloud services, the data appeared to be voter registration data compiled by the Instituto Nacional Electoral (INE).
After some discussion as to whom to notify and how, Chris decided to report his discovery to the State Department and let them contact their Mexican counterparts in the spirit of cooperation. When he got no meaningful response, he reached out to the State Department’s Office of Mexican Affairs, who told him they would forward his alert up the chain. When that still didn’t achieve the desired results of getting the database secured, Chris contacted the U.S. Secret Service, Department of Homeland Security, and US-CERT. He also contacted the Mexican embassy directly:
After I explained the situation over the phone, they wanted proof of the breach and gave me an email address to send it to. I sent them an explanation with the IP address and two screenshots as evidence. The embassy has never even responded to that email.
(First lesson to be learned by INE: provide an easy-to-find email address on your web site for people to report security breaches.)
As fate would have it, though, Chris was speaking up at Harvard about his research and mentioned the leak. A student from Mexico verified the accuracy of his father’s record, and a faculty member tried to assist Chris with the notification problem by giving him other individuals to contact. Chris eventually heard back from someone from the Instituto Federal Electoral, (IFE/INE), who thanked Chris and who said they would get right on getting it secured. Of note, the coordinator said that the IP address was not theirs and he was investigating to see who was responsible for the database being on that IP address. In a subsequent communication to DataBreaches.net, the coordinator reported that the numbers in the database did not match national historic numbers, and that had become part of their investigation, too.
The database has now been secured.
Publication of this post was delayed until now at the request of the Mexican government to give them time to investigate and to secure the database.
Entire Countries Breached
With this leak, Mexico now joins a list of countries where almost the entire population has had their personal information leaked or breached, as 93.4 million represents over 72% of Mexico’s estimated population. Belize, Greece, Israel, Philippines, and Turkey have also experienced leaks of the majority of their population’s personal information. And of course, let’s not forget that Chris Vickery had also discovered 191 million U.S. voters’ data leaking due to a similarly misconfigured database.
An easy hack? At least, one to watch for. (Vandalism is cheap)
Printers at German Universities Mysteriously Churn Out Anti-Semitic Leaflets
Printers at several universities across Germany produced anti-Semitic leaflets on or before Hitler’s birthday this week, after hackers appeared to break into their computer systems, according to university officials.
Universities in Hamburg, Lüneburg and Tübingen confirmed that printers connected to their computer networks had suddenly started churning out the leaflets, most of them on Wednesday, the anniversary of Hitler’s birth in Braunau, Austria, in 1889.
… In the United States, several colleges reported similar breaches in March, according to the New Jersey-based website nj.com, which reported an episode at Princeton, and to The Washington Post, which said several universities across the country had been affected.
The leaflet that was printed out in Hamburg included the Twitter hashtag “dailystormer,” a term also used on a website referred to in the leaflets in the United States, Mr. Matheis said. The term is an allusion to a Nazi publication.
Is “gathering data” the same thing as “spying on?” (See the article on misconfigured databases, above.)
UK intel agencies spy indiscriminately on millions of innocent folks
The UK's intelligence agencies (MI5, MI6, and GCHQ) are spying on everything you do, and with only the flimsiest of safeguards in place to prevent abuse, according to more than a thousand pages of documents published today as a result of a lawsuit filed by Privacy International.
The documents reveal the details of so-called "Bulk Personal Datasets," or BPDs, which can contain "hundreds to millions of records" on people who are not suspected of any wrongdoing.
… Nor, it seems, are BPDs only being used to investigate terrorism and serious crime; they can and are used to protect Britain’s “economic well-being”—including preventing pirate copies of Harry Potter books from leaking before their release date.
BPDs are so powerful, in fact, that the normally toothless UK parliament watchdog that oversees intelligence gathering, the Intelligence and Security Committee (ISC), recommended in February that "Class Bulk Personal Dataset warrants are removed from the new legislation."
These data sets are so large and collect so much information so indiscriminately that they even include information on dead people.
If managers don’t learn to check the financial stability of vendors when negotiating contracts, my students will learn about it in the Business Continuity class.
Joseph Conn reports:
The hospital association that operates a major Chicago-area health information exchange is suing its health information technology vendor that abruptly announced it will go out of business.
The hospital Metropolitan Chicago Healthcare Council, now merged with the Illinois Health and Hospital Association, operates the MetroChicago HIE that connects more than 30 northeastern Illinois hospitals, according to a membership list on its website.
A suit in U.S. District Court for the Northeastern District of Illinois names as defendants Sandlot Solutions and Santa Rosa Consulting, an owner of the company. The suit alleges that Sandlot breached its agreement “by shutting down the MetroChicago HIE system and denying MCHC’s participants access to their client data on the system.”
Read more on Crain’s.
[From the article:]
The records show that Sandlot was planning to provide MCHC a copy of its raw client data and then destroy the existing client data from its third-party hosting service.
That plan, according to the complaint, would breach Sandlot's data management and transition obligations under its contract, and would prevent the association from properly validating the data, [Not sure how that occurs Bob] which would result in a clear violation of federal privacy laws.
This sounds expensive. Have all responsible managers lost their job or can we look for more of the same? (I would classify this as a “computer crime,” wouldn’t you?)
Volkswagen will buy back most Dieselgate cars in US
Volkswagen will offer to buy back every diesel car in the US that cheated emissions standards, a vast and expensive undertaking covering nearly half a million vehicles. The decision is part of a settlement in principle with the US Department of Justice (DoJ), Environmental Protection Agency (EPA), and California Air Resources Board (CARB), announced today, as part of the German automaker's grand "Dieselgate" mea-culpa for fitting several of its models with cunning bypass devices that helped fake the results during government testing.
… Those who want to keep their vehicles will be offered a fix instead, and there's the promise of "substantial compensation" involved too.
… Some reports pegged a $5,000 payout to each owner as part of the deal, though the judge criticized those responsible for the leaks.
Uber Settles Cases With Concessions, but Drivers Stay Freelancers
… On Thursday, Uber moved a step closer to getting its way. The company reached a settlement in a pair of class-action lawsuits in California and Massachusetts that will let it continue to categorize drivers in those states as independent contractors — a landmark agreement that could have lasting implications for the long-term viability of the ride-hailing service.
Under the settlement, filed in the United States District Court in the Northern District of California, Uber will pay as much as $100 million to the roughly 385,000 drivers represented in the cases. The company also agreed to several concessions to appease driver concerns, including giving more information on how and why drivers are barred from using the app, as well as aiding in creating new “drivers associations” in both states. [Not Unions! Bob]
I expect to see this splashed all over the evening news. A side benefit: Drinking more beer means more power! (I’m sorry. I just realized that it is very difficult not to say something that isn’t humorous or “punny.”)
Coming soon: The Internet of Pee-Powered Things
… Researchers at the University of Bath have revealed a breakthrough -- cheekily dubbed "pee power" -- involving the use of urine to power electronic devices in remote locations.
You can read the details in their paper, titled "Towards effective small scale microbial fuel cells for energy generation from urine." But in a nutshell, they've figured out how to build one-inch-square fuel cells that cost a buck or two and that get their buzz from urine, which interacts with "electric" bacteria. So-called microbial fuel cells are seen as being a carbon-neutral source of power generation, [Al Gore approved? Bob] and could be used to provide juice to devices such as smartphones.
A class we should add?
Tech Savvy: Reinventing Work With Virtual Reality
Virtual reality could be the new reality at work: The demand for the free Samsung Gear VR headsets offered in a recent promotion was so high that the consumer electronics giant won’t be able to deliver them for months. Yet, as hot as the consumer market for VR gear appears to be, the business market may outstrip it.
I’m going to share this with my students who must write to our “Discussion Board” every week. Note the tips I suggest!
How to Write the Perfect Professional Email (Backed by Data)
… In the past, we’ve listed 12 reasons why people are still ignoring your emails. We’ve even given you step-by-step instructions on getting busy people to respond to your messages. But now it’s time to share some even more specific, actionable tips — backed by data.
Each of these tips doesn’t just improve the chances of your emails being read, but also of you receiving a positive response from those emails. This is important because email is still the main form of communication in the business world. By knowing how to craft effective emails, you give yourself a definite advantage over your colleagues.
[Okay, please don’t follow this tip.]
7. Write at Third-Grade Level
The reading grade level of your emails can have a massive effect on your response rates. According to Boomerang, emails written at a college reading level had a response rate of just 39%. The most effective reading grade was third-grade, which achieved a 53% response rate.
[Absolutely do this!]
8. Proofread Your Text
For longer emails this goes without saying, but for shorter emails, proofreading is often overlooked. This is a bad idea.
In a 2001 study, Larry Beason showed that mistakes in writing (including spelling and grammatical mistakes, as well as logical mistakes) have several negative effects on the perception of the writer.
For my students.
9 Cleanest & Safest Websites to Download Free Software for Windows
Microsoft Translator Adds Image Translation to Android
… With the new image translation feature in the Translator app for Android, you no longer need to type text or say foreign language phrases out loud when you see them written on signs, menus, flyers…whatever. Instead you can translate pictures instantly from your phone, with the translation appearing in an overlay above the existing text.
Dilbert perfectly illustrates the problem we face if companies give them backdoors into their encryption!
Thursday, April 21, 2016
Another swing of the pendulum.
Cyrus Farivar reports:
A federal judge in Massachusetts ruled Wednesday in favor of a man accused of accessing child pornography through Tor, finding that the warrant issued by a Virginia-based judge was invalid. The evidence of child pornography the government claims it found on the man’s computers is suppressed, which likely makes continuing prosecution of this case significantly more difficult.
Read more on Ars Technica.
[From the article:]
"It allowed government agents to conduct a borderless dragnet search with no geographic limitation," J.W. Carney, Levin’s lawyer, wrote in a court filing. "Rule 41 simply does not permit a magistrate judge in Virginia to authorize the search of the defendant’s computer located in Massachusetts."
Tom Randall reports:
On April 6, during a panel discussion at the International Association of Privacy Professionals’ Global Privacy Summit, officials from the Attorney General offices of New York, Illinois and the District of Columbia highlighted the evolving focus of state Attorneys General from high-profile retail data breaches to breaches involving more sensitive personal data. Matthew Van Hise, an official with the Illinois Attorney General’s Office, noted that as retailers are becoming more sophisticated in implementing their payment card infrastructures, through chip-and-pin and other methods, state AGs are turning their attention to breaches of personal health information, Social Security numbers, and other highly sensitive data.
Read more on JDSupra.
Of course they will. After all, “we gotta do something” to address this symptom of a bad tax code. (The code itself is too complicated and too heavily lobbied to change.) Isn’t all of this data attorney-client communication? Wouldn’t that complicate things?
U.S. launches ‘criminal investigation’ involving Panama Papers
… In a letter to the International Consortium of Investigative Journalists (ICIJ), U.S. Attorney Preet Bharara wrote that his office had “opened a criminal investigation regarding matters to which the Panama Papers are relevant,” and he asked to speak with someone who had worked on the project. [Rather wimpy. If they say no, is that the end of the investigation? Bob] The Guardian newspaper, which was among those to analyze the materials, posted a copy of the letter on its website.
… President Obama has noted, too, that those who want to find loopholes in U.S. tax laws generally have not had a problem doing so.
“It’s not that they’re breaking the laws, it’s that the laws are so poorly designed that they allow people, if they’ve got enough lawyers and enough accountants, to wiggle out of responsibilities that ordinary citizens are having to abide by,” Obama said.
(Related) Do you suppose Mr Bharara knew about this? Or did he deliberately not know about it?
New York Wants Foreign Banks to Hand Over Panama Records
… New York’s Department of Financial Services asked companies including Deutsche Bank AG, Credit Suisse Group AG, Commerzbank AG, ABN Amro Group NV and Societe Generale SA to provide communications, telephone logs and records of other transactions between their New York branches and employees or agents of the law firm, Mossack Fonseca & Co. The banks aren’t accused of wrongdoing. [Yet. Bob]
Good to know that some technology works as promised.
Visa: Some merchants see dip in fraud thanks to chip cards
… Among the 25 merchants who were suffering the most instances of counterfeit fraud at the end of 2014, five that began processing credit and debit cards equipped with the new EMV technology saw those infractions fall 18.3% as of the final quarter of 2015, says Stephanie Ericksen, vice president of risk products at Visa. Meanwhile, five of those merchants who were not yet equipped to handle chip-enabled cards saw an increase in fraudulent transactions of 11.4%.
Security (and Privacy) have become selling points. The FBI is going to have to learn to live without being able to read the messages (email, phone calls, texts, etc.) it intercepts.
Viber Joins WhatsApp With End-to-End Encryption Protecting Privacy For Its 700 Million Users
It doesn't matter if you're chatting with a co-worker about a sensitive business proposal you're putting together or bantering about basketball playoffs with a group of buddies, the idea that a third-party could be intercepting and reading your communication is creepy. Messaging providers are taking a privacy stand against such things, including Viber, which is adding end-to-end encryption to its popular platform.
Over 700 million people use Viber, more than enough to make it a target for spying from hackers and even government organizations. But just as WhatsApp has done for its more than 1 billion users, Viber's roll out of end-to-end encryption will help keep prying eyes from seeing private communication, whether the government likes it or not.
(Related) The more security the better?
Opera Browser Piles On More Privacy With Free VPN Feature
The Opera browser last month gained a built-in ad-blocking feature to help set it apart from the pack, and now it has made itself even more distinctive with a free virtual private network (VPN) feature.
VPNs are handy security and privacy tools that route your Internet activities through a distant connection — this can be useful for protecting your browsing while you’re on public Wi-Fi, or accessing region-restricted content from somewhere outside that region.
There are plenty of VPNs out there, and many can plug into your browser to allow easier use, but Opera’s version is baked in from the start. What’s more, it’s free and it offers unlimited data usage.
For my Computer Security students.
Quick Tips and Facts That’ll Help Avoid Vishing and Smishing Scams
Have you heard of vishing or smishing? Essentially, they’re both forms of phishing — vishing is done over the phone, and smishing is done through text messages. Both scams are designed to steal the victim’s information or money from them.
Thankfully, these scams can be avoided if you know what to look for. The infographic below will tell you everything you need to know to make sure you don’t become a victim.
As a Math teacher, I love to see Venn diagrams that summarize litigation.
Tech coalitions pen open letter to Burr and Feinstein over bill banning encryption
Tempting. I could call all my students at once and tell them what I think!
Facebook Messenger Rolls Out Group Calling: You Can Now Phone Everyone In A Group Chat
Facebook Messenger has launched a group-calling feature that allows users to simultaneously dial up to 50 friends online. Messenger's top executive, David Marcus, announced via Facebook that the free service is rolling out globally over the next 24 hours to all Messenger users with the latest Android and iOS app updates.
Smart. But I bet I can name the companies the “anti” lobbyists work for.
WiredWest: a Cooperative of Municipalities Forms to Build a Fiber Optic Network
by Sabrina I. Pacifici on Apr 20, 2016
Western Massachusetts Towns Create a New Model for Last-Mile Connectivity, but a State Agency Delays Approval and Funding – A case study by David Talbot, Waide Warner, and Susan Crawford –
“WiredWest is a legal cooperative of 31 western Massachusetts towns that has put forward a detailed proposal to provide “last-mile” high-speed Internet access connections to homes and businesses in a rural region suffering from poor Internet access. The project has encountered delays in obtaining approvals and funding from a state agency called the Massachusetts Broadband Institute (MBI), which is responsible for providing $50 million in subsidies to solve the region’s Internet access problems. In this case study, we detail how WiredWest plans to finance the construction of a state-of-the-art fiber optic network and then operate and provide services over that network. WiredWest has already secured deposits in the amount of $49 from more than 7,100 pre-subscribers, developed a financial model, and drafted an operating agreement. It has taken a regional approach to spread risk and achieve economies of scale, making the model nationally relevant. (Another prominent example of a telecommunications cooperative providing high-speed Internet access is RS Fiber, formed by 17 townships and 10 cities in Minnesota. RS Fiber is the subject of this report by The Institute for Local Self Reliance.) The WiredWest cooperative network would connect to an $89.7 million “middle-mile” fiber optic network built by MBI to connect community institutions such as libraries, schools, hospitals, and government buildings in 45 towns considered “unserved” (because they lack any cable service), plus 79 other towns that had partial or full Internet access services. While the middle-mile network was meant to be the starting point for last-mile networks serving homes and businesses, at the time of this report’s publication, only one of the 45 unserved towns, Leverett, had built such a network. WiredWest would extend fiber’s benefits to a far wider region.
So far 24 of WiredWest’s member towns have authorized borrowing a total of $38 million and most of those towns support going forward as part of WiredWest. Under the plan, they will pay about two-thirds of the network’s costs. To cover the remainder, they will need to receive a portion of the $50 million in available subsidies. But at the time of this report MBI had tabled any decision on the project amid a wider review of the last-mile program by the administration of Gov. Charlie Baker.”