Tuesday, February 13, 2018
We’ll probably have to wait for the Olympics to end before they start naming names. (Russia)
… The cyberattack took out internet access and telecasts, grounded broadcasters’ drones, shut down the Pyeongchang 2018 website, and prevented spectators from printing out reservations and attending the ceremony, which resulted in an unusually high number of empty seats.
Security experts said they had uncovered evidence that the attack had been in the works since late last year. It was directed at the Pyeongchang Organizing Committee and incorporated code that was specifically designed to disrupt the Games or perhaps even send a political message.
… “This attacker had no intention of leaving the machine usable,” a team of researchers at Cisco’s Talos threat intelligence division wrote in an analysis Monday. “The purpose of this malware is to perform destruction of the host” and “leave the computer system offline.”
In an interview, Talos researchers noted that there was a nuance to the attack that they had not seen before: Even though the hackers clearly demonstrated that they had the ability to destroy victims’ computers, they stopped short of doing so. They erased only backup files on Windows machines and left open the possibility that responders could still reboot the computers and fix the damage.
“Why did they pull their punch?” asked Craig Williams, a senior technical leader at Talos. “Presumably, it’s making some political message” that they could have done far worse, he said.
… Adam Meyers, vice president of intelligence at CrowdStrike, said his team had discovered time stamps that showed the destructive payload that hit the opening ceremony was constructed on Dec. 27 at 11:39 a.m. Coordinated Universal Time — which converts to 6:39 a.m. Eastern Time, 2:39 p.m. in Moscow and 8:39 p.m. in South Korea.
Attackers clearly had a target in mind: The word Pyeongchang2018.com was hard-coded into their payload, as was a set of stolen credentials belonging to Pyeongchang Olympic officials. Those stolen credentials allowed attackers to spread their malware throughout the computer networks that support the Winter Games on Friday, just as the opening ceremony was timed to begin.
Security companies would not say definitively who was behind the attack, but some digital crumbs led to a familiar culprit: Fancy Bear, the Russian hacking group with ties to Russian intelligence services.
Food for thought.
What could possibly go wrong, right?
Read this presser to get some more background and details.
Thanks to Joe Cadillic for these links. I imagine he’ll have tons to say on his blog about all this. Me, I’m just stockpiling those little thingees that block cameras on devices.
How very Facebook of them.
Facebook is suggesting mobile users 'Protect' themselves...by downloading a Facebook-owned app that tracks their mobile usage
Facebook is now offering some mobile app users a wireless-networking app without first disclosing that it's owned by Facebook, or that it collects information for the social networking company.
The app, Onavo Protect, provides users with a virtual private network, or VPN. Typically, a VPN cloaks the user's identity and adds other security features, making it a more secure way to get online, particularly when using public Wi-Fi networks.
Yet the Onavo app also tracks data that it shares with Facebook and others, "including the applications installed on your device, your use of those applications, the websites you visit and the amount of data you use," according to its own privacy policies.
Facebook can use that data to track what users do online even when they're not on one of its websites. The company could also find out how apps made by its rivals, such as Snap and Twitter, are being used.
Interesting. I wonder what else the UK will want to block in the future?
UK unveils extremism blocking tool
The UK government has unveiled a tool it says can accurately detect jihadist content and block it from being viewed.
Home Secretary Amber Rudd told the BBC she would not rule out forcing technology companies to use it by law.
Ms Rudd is visiting the US to meet tech companies to discuss the idea, as well as other efforts to tackle extremism.
Thousands of hours of content posted by the Islamic State group was run past the tool, in order to "train" it to automatically spot extremist material.
The government provided £600,000 of public funds towards the creation of the tool by an artificial intelligence company based in London.
ASI Data Science said the software can be configured to detect 94% of IS video uploads.
… The company said it typically flagged 0.005% of non-IS video uploads. On a site with five million daily uploads, it would flag 250 non-IS videos for review.
It is intended to lighten the moderation burden faced by small companies that may not have the resources to effectively tackle extremist material being posted on their sites.
(Related) “We can, therefore we must!”
The medical profession has an ethic: First, do no harm.
Silicon Valley has an ethos: Build it first and ask for forgiveness later.
Now, in the wake of fake news and other troubles at tech companies, universities that helped produce some of Silicon Valley’s top technologists are hustling to bring a more medicine-like morality to computer science.
This semester, Harvard University and the Massachusetts Institute of Technology are jointly offering a new course on the ethics and regulation of artificial intelligence. The University of Texas at Austin just introduced a course titled “Ethical Foundations of Computer Science” — with the idea of eventually requiring it for all computer science majors.
And at Stanford University, the academic heart of the industry, three professors and a research fellow are developing a computer science ethics course for next year.
Cisco: Cloud computing workloads to skyrocket by 2021
Cloud computing workloads continue to skyrocket and will account for 95% of all data center traffic by 2021, according to Cisco's most recent Global Cloud Index study, released this week. The vendor said global cloud data center traffic will more than triple in the next three years, rising from 6 zettabytes in 2016 to 19.5 zettabytes by 2021.
… In the study, Cisco said security concerns that formerly hindered the extent of cloud adoption have diminished, further contributing to the increase in cloud computing workloads.
In addition, IoT and related systems, encompassing such operations as connected healthcare and digital utilities, have further fueled the growth in cloud traffic. Cisco said IoT connections are projected to reach almost 14 billion in 2021, more than twice as many as there were in 2016.
Oracle Leaps Into the Costly Cloud Arms Race
Oracle Corp. plans to quadruple the number of its giant data-center complexes over the next two years, a move that could significantly boost capital spending as it tries to chip away at Amazon.com Inc.’s massive lead in the cloud-infrastructure market.
The expansion thrusts Oracle into an expensive arms race against the market’s biggest spenders, Amazon, Microsoft Corp. and Alphabet Inc.’s Google. Those giants are working to wrest away traditional Oracle database customers shifting from their own data centers to web-based...
Perspective. Fueling the next ‘energy crisis?’
Energy riches fuel bitcoin craze for speculation-shy Iceland
Iceland is expected to use more energy “mining” bitcoins and other virtual currencies this year than it uses to power its homes.
Perspective. Up until WWII, the British navy probably went through the South China Sea every week. (And their navigators knew that was not “on the way home” from Australia.)
British defense secretary says warship bound for South China Sea: media
A British warship will sail through the South China Sea next month to assert freedom-of-navigation rights, British Defence Secretary Gavin Williamson said in remarks published on Tuesday.
… The frigate HMS Sutherland will sail through the region after a visit to Australia, Williamson said in an interview with The Australian newspaper.
“She’ll be sailing through the South China Sea (on the way home) and making it clear our navy has a right to do that,” he said, according to the newspaper.
Dow Jones – 100 Year Historical Chart
Macrotrends: “Interactive chart of the Dow Jones Industrial Average stock market index for the last 100 years. Historical data is inflation-adjusted using the headline CPI and each data point represents the month-end closing value. The current month is updated on an hourly basis with today’s latest value.
For my Data Management students.
For my Computer Security students.
Interesting tool for pointing out evidence?
Pixorize - Free Image Annotation Tool
Pixorize is a free tool for adding interactive annotations to your images. Using Pixorize is a fairly straight-forward process. To get started just upload any picture that you have saved on your computer. (After your image is uploaded you may need to resize it to make it fit into your browser). Once the image is uploaded you can add points, circles, squares, and stars as annotation markers on your image. After adding an annotation marker you can write text to explain the element of the image to which you are calling attention.
To save and or share your work on Pixorize you must create an account. However, creating an account didn't require validating your email address (I created an account with a fake email address that I have for one of my dogs). After saving your image on Pixorize you can share a link to it or embed it in a blog post as I have done below.
Pixorize is still a new product, but it has great potential as an alternative to Thinglink. You could have students use Pixorize to annotate diagrams, maps, or images like the one in my example featured above.