So, who would benefit? Russia? North Korea? China? Iran? Syria?
Hackers Gain ‘Switch-Flipping’ Access to US Power Grid Control Systems
Security firm Symantec is warning that a series of
recent hacker attacks not only compromised energy companies in the US
and Europe but also resulted in the intruders gaining hands-on access
to power grid operations—enough control that they could have
induced blackouts on American soil at will.
Symantec on Wednesday revealed a new campaign of
attacks by a group it is calling Dragonfly 2.0, which it says
targeted dozens of energy companies in the spring and summer of this
year. In more than 20 cases, Symantec says the hackers successfully
gained access to the target companies’ networks. And at a handful
of US power firms and at least one company in Turkey—none of which
Symantec will name—their forensic analysis found that the hackers
obtained what they call operational access: control of the interfaces
power company engineers use to send actual commands to equipment like
circuit breakers, giving them the ability to stop the flow of
electricity into US homes and businesses.
… The only comparable situations, he says,
have been the repeated
hacker attacks on the Ukrainian grid that twice caused power
outages in the country in late 2015 and 2016, the first known
hacker-induced blackouts.
If you missed all the stories about hacking MongoDB, the hackers thank you for your ignorance.
Liam Tung reports:
Three groups of hackers have wiped around 26,000 MongoDB databases over the weekend and demanded that victims pay about $650 to have them restored.
The new wave of MongoDB ransom attacks marks a resurgence of the massive assault on unsecured instances of the open-source NoSQL database earlier this year. The attacks were discovered by security researchers Victor Gevers and Niall Merrigan.
The current attacks are being tracked by Gevers and fellow researcher Dylan Katz. According to the ‘MongoDB ransacking’ Google Docs spreadsheet that the pair are updating, one group using the address ‘cru3lty@safe-mail.net’ has ransacked over 22,000 MongoDB instances.
Read more on ZDNet.
Weak protection for social media users.
If you have an account on Taringa,
also known as "The Latin American Reddit," your account
details may have been compromised in a massive data breach that leaked
login details of almost all of its over 28 million users.
… The Hacker News has been informed by
LeakBase, a breach
notification service, who has obtained a copy of the hacked database
containing details on 28,722,877 accounts, which includes usernames,
email addresses and hashed passwords for Taringa users.
The hashed passwords use an ageing algorithm
called MD5 – which has been considered outdated even before 2012 –
that can easily be cracked, making Taringa users open to hackers.
Wanna know how weak MD5 is? The LeakBase team has
already cracked 93.79 percent (nearly 27 million) of the hashed passwords
within just a few days.
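Why does a 27-million-row dump fall in days? Not because MD5 is "old" as such, but because the passwords were stored as unsalted, single-round MD5: one hash per candidate word checks the entire dump at once, and MD5 itself runs at billions of operations per second on a GPU. The script below is an added illustration (not LeakBase's tooling and not Taringa's code) that runs the same dictionary attack against a constructed five-user dump stored two ways: unsalted MD5 as in the breach, and per-user random salt with PBKDF2-HMAC-SHA256. The usernames, passwords, wordlist and the 1,000-iteration count are assumptions chosen so the demo runs instantly; production deployments use far more iterations.

```python
import hashlib
import os
from typing import Dict, List, Tuple

# Constructed sample (NOT real Taringa data): username -> plaintext password.
PASSWORDS = {
    "ana": "123456",
    "bruno": "password",
    "carla": "123456",
    "diego": "qwerty",
    "elena": "c0rr3ct-h0rse-b4ttery",
}
# The storage format the article describes: unsalted MD5 hex digests.
MD5_DUMP: List[Tuple[str, str]] = [
    (user, hashlib.md5(pw.encode()).hexdigest()) for user, pw in PASSWORDS.items()
]
WORDLIST = ["123456", "password", "qwerty", "letmein", "taringa"]  # constructed


def crack_unsalted_md5(dump: List[Tuple[str, str]],
                       wordlist: List[str]) -> Tuple[Dict[str, str], int]:
    """Dictionary attack on unsalted MD5.

    With no salt, every user who picked the same password has the same digest,
    so each candidate word is hashed ONCE and looked up against the whole dump.
    Returns (username -> recovered password, number of MD5 calls made).
    """
    users_by_hash: Dict[str, List[str]] = {}
    for user, digest in dump:
        users_by_hash.setdefault(digest, []).append(user)
    cracked: Dict[str, str] = {}
    md5_calls = 0
    for word in wordlist:
        md5_calls += 1
        digest = hashlib.md5(word.encode()).hexdigest()
        for user in users_by_hash.get(digest, []):
            cracked[user] = word
    return cracked, md5_calls


def pbkdf2(password: str, salt: bytes, iterations: int) -> bytes:
    """Slow, salted password hash (stdlib PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def build_salted_dump(passwords: Dict[str, str],
                      iterations: int) -> List[Tuple[str, bytes, bytes]]:
    """The same accounts stored with a 16-byte random salt per user."""
    dump = []
    for user, pw in passwords.items():
        salt = os.urandom(16)
        dump.append((user, salt, pbkdf2(pw, salt, iterations)))
    return dump


def crack_salted_pbkdf2(dump: List[Tuple[str, bytes, bytes]], wordlist: List[str],
                        iterations: int) -> Tuple[Dict[str, str], int]:
    """Same dictionary attack against salted PBKDF2.

    Every (user, word) pair now costs its own KDF run of `iterations` HMAC
    rounds; nothing can be shared between users or precomputed.
    Returns (cracked, number of KDF calls made).
    """
    cracked: Dict[str, str] = {}
    kdf_calls = 0
    for user, salt, digest in dump:
        for word in wordlist:
            kdf_calls += 1
            if pbkdf2(word, salt, iterations) == digest:
                cracked[user] = word
                break
    return cracked, kdf_calls


if __name__ == "__main__":
    got, calls = crack_unsalted_md5(MD5_DUMP, WORDLIST)
    print(f"unsalted MD5 : {len(got)}/{len(MD5_DUMP)} cracked with {calls} MD5 calls")
    salted = build_salted_dump(PASSWORDS, iterations=1000)
    got, calls = crack_salted_pbkdf2(salted, WORDLIST, iterations=1000)
    print(f"salted PBKDF2: {len(got)}/{len(salted)} cracked with {calls} KDF calls "
          f"of 1000 rounds each")
```

Both attacks recover the same four weak passwords; the salt and slow KDF do not rescue "123456". What changes is the cost per guess (thousands of HMAC rounds instead of one MD5) and the fact that each user must be attacked separately, which is exactly what keeps a multi-million-row dump from being cracked in a few days.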
This will likely generate more headlines and news
articles than attacks on the power grid. Did they learn to cheat
from the Patriots?
For decades, spying on another team has been as
much a part of baseball’s gamesmanship as brushback pitches and
hard slides. The Boston
Red Sox have apparently added a modern — and illicit — twist:
They used an Apple Watch to gain an advantage against the Yankees
and other teams.
Investigators for Major League Baseball have
determined that the Red Sox, who are in first place in the American
League East and very likely headed to the playoffs, executed a scheme
to illicitly steal hand signals from opponents’ catchers in games
against the second-place Yankees and other teams, according to
several people briefed on the matter.
The baseball inquiry began about two weeks ago,
after the Yankees’ general manager, Brian Cashman, filed a detailed
complaint with the commissioner’s office that included video the
Yankees shot of the Red Sox dugout during a three-game series between
the two teams in Boston last month.
The Yankees, who had long been suspicious of the
Red Sox’ stealing catchers’ signs in Fenway Park, contended the
video showed a member of the Red Sox training staff looking at his
Apple Watch in the dugout. The trainer then relayed a message to
other players in the dugout, who, in turn, would signal teammates on
the field about the type of pitch that was about to be thrown,
according to the people familiar with the case.
Baseball
investigators corroborated the Yankees’ claims based on video the
commissioner’s office uses for instant replay and broadcasts, the
people said. The commissioner’s office then confronted the Red
Sox, who admitted that their trainers had received signals from video
replay personnel and then relayed that information to Red Sox players
— an operation that had been in place for at least several weeks.
… Stealing
signs is believed to be particularly effective when there is a runner
on second base who can both watch what hand signals the catcher is
using to communicate with the pitcher and can easily relay to the
batter any clues about what type of pitch may be coming. Such
tactics are allowed as long as teams do not use any methods beyond
their eyes. Binoculars and electronic devices are both prohibited.
(Related) Besides, Cory Doctorow is one of my
favorite writers. An article worth reading!
Cheating is a given.
Inspectors certify that gas-station pumps are
pumping unadulterated fuel and accurately reporting the count, and
they put tamper-evident seals on the pumps that will alert them to
attempts by station owners to fiddle the pumps in their favor. Same
for voting machines, cash registers, and the scales at your grocery
store.
The basic theory of cheating is to assume that the
cheater is ‘‘rational’’ and won’t spend more to cheat than
they could make from the scam: the cost of cheating is the risk of
getting caught, multiplied by the cost of the punishment (fines,
reputational damage), added to the technical expense associated with
breaking the anti-cheat mechanisms.
Software changes the theory. Software – whose
basic underlying mechanism is ‘‘If this happens, then do this,
otherwise do that’’ – allows cheaters to be a lot more subtle,
and thus harder to catch. Software
can say, ‘‘If there’s a chance I’m undergoing inspection,
then be totally honest – but cheat the rest of the time.’’
This presents profound challenges to our current
regulatory model: Vegas slot machines could detect their location and
if they believe that they are anywhere near the Nevada Gaming
Commission’s testing labs, run an honest payout. The rest of the
time, they could get up to all sorts of penny-shaving shenanigans
that add up to millions at scale for the casino owners or the
slot-machine vendors (or both).
… The most famous version of this is
Volkswagen’s Dieselgate scandal, which has cost the company
billions (and counting): Volkswagen engineered several models of its
diesel vehicles to detect when the engine was undergoing emissions
testing and to tilt the engines’ performance in favor of low
emissions (which also meant more fuel consumption). The rest of the
time, the engines defaulted to a much more polluting mode that also
yielded better gas mileage. Thus the cars were able to be certified
as low-emissions by regulators and as high efficiency by reviewers
and owners – having their cake and eating it too.
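The "be honest when inspected, cheat otherwise" branch is easy to write and, against a fixed inspection script, impossible to catch. As an added example (not Doctorow's, not Volkswagen's, and not a real pump controller), the toy below models a fuel pump that over-bills by 2% unless the requested volume matches the volumes an inspector is assumed always to draw, then runs it through two audits: the inspector's fixed script, which the defeat device passes, and a randomized audit whose draws the device cannot predict. The certification volumes, skim rate and tolerances are assumptions.

```python
import random
from dataclasses import dataclass
from typing import List

# Assumed fixed volumes an inspector always draws during certification.
CERT_DRAWS: List[float] = [5.0, 10.0, 20.0]


@dataclass
class Reading:
    delivered: float   # litres actually dispensed
    billed: float      # litres shown on the display and charged


class HonestPump:
    def dispense(self, litres: float) -> Reading:
        return Reading(litres, litres)


class DefeatDevicePump:
    """Over-bills by 2 %, except when the request looks like a certification
    draw: "if there's a chance I'm undergoing inspection, be totally honest"."""
    SKIM = 0.02

    def dispense(self, litres: float) -> Reading:
        if litres in CERT_DRAWS:
            return Reading(litres, litres)
        return Reading(litres, litres * (1 + self.SKIM))


def certification_test(pump, tolerance: float = 0.005) -> bool:
    """The inspector's fixed script. A defeat device passes it every time."""
    return all(abs(pump.dispense(v).billed / v - 1) <= tolerance for v in CERT_DRAWS)


def randomized_audit(pump, rng: random.Random, draws: int = 50,
                     tolerance: float = 0.005) -> bool:
    """Draw volumes the device cannot predict, so "am I being tested?" has no
    usable answer. Fails on the first over-billing beyond tolerance."""
    for _ in range(draws):
        v = round(rng.uniform(1.0, 60.0), 3)
        r = pump.dispense(v)
        if abs(r.billed / r.delivered - 1) > tolerance:
            return False
    return True


def audit_with_seed(pump, seed: int = 7) -> bool:
    """Reproducible wrapper around randomized_audit."""
    return randomized_audit(pump, random.Random(seed))


if __name__ == "__main__":
    for name, pump in (("honest", HonestPump()), ("defeat device", DefeatDevicePump())):
        print(f"{name:14s} certification={certification_test(pump)} "
              f"randomized={audit_with_seed(pump)}")
```

The point of the second audit is not the randomness itself but that the test is indistinguishable from ordinary use; any inspection the software can recognise, whether by volume, location, time or test-bench signature, is one it can special-case.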
Do you really need AI to point out information
that should already be in your reports? Perhaps you just need to
read the reports!
Banks Testing IBM's AI Tech for Employee Surveillance
Lenders asked International Business Machines
Corp. if it were possible to use the technology to also watch
retail-banking salespeople, loan officers and other workers,
according to Marc Andrews, a manager on the company’s Watson
financial services team. Several of the biggest U.S. banks, as well
as some regional banks, are testing the software, Andrews said. He
declined to name them.
IBM trained Watson to collect information that
could’ve helped detect problems at Wells Fargo, which said last
week that employees opened as many as 3.5 million bogus checking and
credit-card accounts for unsuspecting customers, even more than its
original estimate when the scandal broke last year. Watson looks for
suspicious logon patterns, unusual levels of unused products or
accounts with mismatched contact information or email notifications
that have been switched off, Andrews said. The artificial
intelligence program, which understands human language, sifts through
employee emails for trends such as managers pressuring workers to
make sales, he said.
“Banks hadn’t been investing as much into this
area until there was a big incident last year,” Andrews said,
referring to the Wells Fargo scandal. “Right now, they know right
away if an ATM is broken. But if there are trends emerging like a
lot of people complaining about an account being opened that they
weren’t aware of, how quickly does that surface up to the
executives?”
… Some correlations aren’t obvious. In the
U.S., a trader’s use of profanity drops shortly before an episode
of misconduct, Andrews said, as “maybe they’re trying to be a
little more careful.” But in the U.K., traders tend to curse more
before committing misdeeds.
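The signals Andrews lists (mismatched contact information, notifications switched off, products that are never used) are all fields a bank already has in its account-opening records, which is the point of the question above. As an added example that is not IBM's code and not any bank's report, the script below scores constructed account records on those three signals and flags bankers whose share of multi-signal accounts is out of line. The record schema, employee IDs, the "two or more signals" rule and the 40% / five-account thresholds are illustrative assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Account:
    """One account opened by a banker (constructed schema)."""
    opened_by: str              # employee ID of the banker who opened it
    customer_email: str         # email entered on this new account
    email_on_file: str          # email the customer already used on other accounts
    notifications_enabled: bool
    transactions_90d: int       # activity since opening


def suspicious_signals(a: Account) -> int:
    """Count the signals named in the article: mismatched contact info,
    notifications switched off, product never used."""
    mismatched = a.customer_email.strip().lower() != a.email_on_file.strip().lower()
    return int(mismatched) + int(not a.notifications_enabled) + int(a.transactions_90d == 0)


def flag_employees(accounts: List[Account], min_accounts: int = 5,
                   rate_threshold: float = 0.4) -> Dict[str, float]:
    """Per-employee share of accounts showing 2+ signals; return those at or
    above the threshold, ignoring bankers with too few accounts to judge."""
    totals: Dict[str, int] = {}
    flagged_count: Dict[str, int] = {}
    for a in accounts:
        totals[a.opened_by] = totals.get(a.opened_by, 0) + 1
        if suspicious_signals(a) >= 2:
            flagged_count[a.opened_by] = flagged_count.get(a.opened_by, 0) + 1
    result: Dict[str, float] = {}
    for emp, n in totals.items():
        if n < min_accounts:
            continue
        rate = flagged_count.get(emp, 0) / n
        if rate >= rate_threshold:
            result[emp] = round(rate, 2)
    return result


# Constructed sample: two ordinary bankers and one opening accounts nobody asked for.
SAMPLE: List[Account] = (
    [Account("b1001", f"cust{i}@example.com", f"cust{i}@example.com", True, 12) for i in range(6)]
    + [Account("b1002", f"c{i}@example.com", f"c{i}@example.com", True, 3) for i in range(5)]
    + [Account("b1002", "typo@example.com", "real@example.com", True, 0)]   # one honest mistake
    + [Account("b1003", f"x{i}@bank-internal.example", f"cust{i}@example.com", False, 0)
       for i in range(5)]
    + [Account("b1003", "ok@example.com", "ok@example.com", True, 4)]
)

if __name__ == "__main__":
    print(flag_employees(SAMPLE))
```

Requiring two signals per account keeps a single typo in an email address from counting against anyone, and the minimum-account floor keeps a new hire with one odd account off the list; both are the kind of tuning a report like this needs before anyone escalates it.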
What is a fair balance? Answering a child's text message is certainly okay. Binge watching 'Game of Thrones' probably not.
Europe Court Backs Employee Fired Over Private Messages
Europe's
top rights court on Tuesday restricted the ability of employers
to snoop on their staff's private messages, in a landmark ruling
with wide ramifications for privacy in the workplace.
The highest body of the European Court of Human
Rights (ECHR) ruled in favour of a 38-year-old Romanian man who
claimed his rights had been violated when he was sacked in 2007 for
sending private chat messages in the office.
… In
a first ruling in January last year, the ECHR found that the snooping
was allowed because employers were justified in wanting to verify
"that employees were completing their professional tasks during
working hours".
But
in a review, the 17 most senior judges at the court based in
Strasbourg, France, found Tuesday that Romanian courts "had not
adequately protected Mr Barbulescu's right to respect for his private
life and correspondence".
In
a written judgement, backed by 11 votes to six, they found that
previous court rulings had "failed to strike a fair balance
between the interests at stake", namely the company's right to
check on employees and employees' right to privacy.
The
judges also found that "an
employer's instructions could not reduce private social life in the
workplace to zero", meaning that some use of the
internet at work for personal reasons was justified.
The
ruling will become law in the 47 countries that have ratified the
European Convention on Human Rights, meaning some members will have
to adjust their national legislation.
Marketing vs Reality? Do managers ever check this stuff?
Facebook’s Ad Metrics Come Under Scrutiny Yet Again
Facebook's
advertising metrics have again been called into question, after
Pivotal Research Group senior analyst Brian Wieser pointed out a
large discrepancy between U.S. census data and the potential reach
that the social network promises advertisers.
On Tuesday, Wieser
issued a note pointing out that Facebook's Adverts Manager tool
promises a potential reach of 41 million 18-24 year-olds in the U.S.,
while recent census data said there were only 31 million people living in
the U.S. within that age range.
For 25-34 year-olds, Facebook claims a potential
reach of 60 million, versus the 45 million people counted in the
census last year.