What if an architecture emerges that permits constant monitoring; an architecture that facilitates the constant tracking of behavior and movement. What if an architecture emerged that would costlessly collect data about individuals, about their behavior, about who they wanted to become. And what if the architecture could do that invisibly, without interfering with an individual’s daily life at all? … This architecture is the world that the net is becoming. This is the picture of control it is growing into. As in real space, we will have passports in cyberspace. As in real space, these passports can be used to track our behavior. But in cyberspace, unlike real space, this monitoring, this tracking, this control of behavior, will all be much less expensive. This control will occur in the background, effectively and invisibly. -Lawrence Lessig, “The Laws of Cyberspace,” 1998
Friday, May 18, 2018
Here is how the pros do it. I wonder if anyone has recommended an App to President Trump?
North Korea-tied hackers used Google Play and Facebook to infect defectors
Researchers said a team of hackers tied to North Korea recently managed to get the Google Play market to host at least three Android apps designed to surreptitiously steal personal information from defectors of the isolated nation.
The three apps first appeared in the official Android marketplace in January and weren’t removed until March when Google was privately notified. That’s according to a blog post published Thursday by researchers from security company McAfee. Two apps masqueraded as security apps, and a third purported to provide information about food ingredients. Hidden functions caused them to steal device information and allow them to receive additional executable code that stole personal photos, contact lists, and text messages.
The apps were spread to selected individuals, in many cases by contacting them over Facebook. The apps had about 100 downloads when Google removed them. Nation-operated espionage campaigns frequently infect a small number of carefully selected targets and keep the number small in an attempt to remain undetected. Thursday’s report is the latest to document malicious apps that bypassed Google filters designed to keep bad wares out of the Play market.
… In January, McAfee reported finding malicious apps targeting North Korean journalists and defectors. Some of the Korean words found in the control servers weren’t used in South Korea but were used in North Korea. The researchers also found a North Korean IP address in a test log file of some Android devices that were connected to accounts used to spread the malware. McAfee said the developers didn’t appear to be connected to any previously known hacking groups. The researchers named the group Sun Team after finding a deleted folder called “sun Team Folder.”
Just one of millions of the tiny errors that hacker exploit.
Cell phone tracking firm exposed millions of Americans' real-time locations
… The company, LocationSmart, is a data aggregator and claims to have "direct connections" to cell carriers to obtain locations from nearby cell towers. The site had its own "try-before-you-buy" page that lets you test the accuracy of its data. The page required explicit consent from the user before their location data can be used by sending a one-time text message to the user. When we tried with a colleague, we tracked his phone to a city block of his actual location.
But that website had a bug that allowed anyone to track someone's location silently without their permission.
"Due to a very elementary bug in the website, you can just skip that consent part and go straight to the location," said Robert Xiao, a PhD student at the Human-Computer Interaction Institute at Carnegie Mellon University, in a phone call.
"The implication of this is that LocationSmart never required consent in the first place," he said. "There seems to be no security oversight here."
It’s a start...
DHS Publishes New Cybersecurity Strategy
The U.S. Department of Homeland Security (DHS) this week published its long-delayed Cybersecurity Strategy. It had been mandated by Congress to deliver a strategy by March 2017, and did so on May 15, 2018.
The strategy is defined in a high-level document (PDF) of 35 pages. Its scope is to provide "the Department with a framework to execute our cybersecurity responsibilities during the next five years to keep pace with the evolving cyber risk landscape by reducing vulnerabilities and building resilience; countering malicious actors in cyberspace; responding to incidents; and making the cyber ecosystem more secure and resilient."
… Of necessity, however, the five pillars and seven goals are defined in very basic terms. They define objectives, sub-objectives and outcomes – but with little on methods. For example, goal #1 (the risk identification pillar) is to assess evolving cybersecurity risks. This will be achieved by working with "stakeholders, including sector-specific agencies, nonfederal cybersecurity firms, and other federal and nonfederal entities, to gain an adequate understanding of the national cybersecurity risk posture, analyze evolving interdependencies and systemic risk, and assess changing techniques of malicious actors."
However, nobody was able to predict, detect or prevent Russian meddling in the 2016 presidential election, nor the WannaCry and NotPetya outbreaks. The implication is that something new and beyond just increased interagency cooperation needs to be done to achieve genuine risk identification.
Another failed IT project?
US federal immigration officials have abandoned pursuit of a controversial machine-learning technology to help with "extreme vetting" of foreign visitors
Sort of a multi-generational Big Brother to guide the entire human race. You can’t say they don’t think big.
Google's Hypothetical 'Selfish Ledger' Imagines Collecting All Your Data to Push You to Change Society
A couple of years ago, Alphabet’s X “moonshot factory” conjured up a concept that describes how total and absolute data collection could be used to shape the decisions you make. And now a video about that concept has leaked online.
The video was obtained and published on Thursday by The Verge. It describes a so-called “Selfish Ledger” that would collect all of your data, including actions you make on your phone, preference settings, and decisions you make, and not just keep it there for future evaluation. Instead, the ledger, which would be designed and managed by Google, would interpret that information and guide you down a path towards reaching a goal, or on a broader scale, doing your part to help solve poverty or other societal problems.
20 years of the Laws of Cyberspace
20 years of the Laws of Cyberspace – Harvard’s Berkman Klein event celebrates how Lawrence Lessig’s groundbreaking paper provided structure to the Center’s field of study.
My cousin, the crook?
DNA Data From 100 Crime Scenes Has Been Uploaded To A Genealogy Website — Just Like The Golden State Killer
The remarkable sleuthing method that tracked down the Golden State Killer was not a one-off. A company in Virginia is now working with several law enforcement agencies to solve cases using the same “genetic genealogy” approach that led investigators in California to arrest Joseph James DeAngelo.
The company, Parabon NanoLabs, has already loaded DNA data from about 100 crime scenes into a public genealogy database called GEDmatch. And in about 20 of these cases, the company says, it has found matches with people estimated to be the suspect’s third cousins or even closer relatives.
“We were actually pretty surprised,” Ellen Greytak, Parabon’s director of bioinformatics, told BuzzFeed News. With those known genetic connections, she said, investigators have a good chance of using genealogical research to draw family trees and identify possible suspects. Some arrests could come quickly, she suggested. “I think there is going to be press around this very soon.”
… At Microsoft, Horvitz helped establish an internal ethics board in 2016 to help the company navigate potentially tricky spots with its own AI technology. The group is cosponsored by Microsoft’s president and most senior lawyer, Brad Smith. It has prompted the company to refuse business from corporate customers, and to attach conditions to some deals limiting the use of its technology.
Horvitz declined to provide details of those incidents, saying only that they typically involved companies asking Microsoft to build custom AI projects. The group has also trained Microsoft sales teams on applications of AI the company is wary of.
Google … promised that it would require a new, hyperrealistic form of its voice assistant to identify itself as a bot when speaking with humans on the phone. The pledge came two days after CEO Sundar Pichai played impressive—and to some troubling—audio clips in which the experimental software made restaurant reservations with unsuspecting staff.
What Google isn't telling us about its AI demo
… Axios asked Google for the name of the hair salon or restaurant, in order to verify both that the businesses exist and that the calls were not pre-planned. We also said that we'd guarantee, in writing, not to publicly identify either establishment (so as to prevent them from receiving unwanted attention).
A longtime Google spokeswoman declined to provide either name.
We also asked if either call was edited, even perhaps just cutting the second or two when the business identifies itself. And, if so, were there other edits? The spokeswoman declined comment, but said she'd check and get back to us. She didn't.
Perspective. But all the political journalists do.
Very Few Voters Actually Read Trump’s Tweets
… since politicians are known for boring, repetitive, long-winded speeches, what could be a better political platform than one that literally forbids using more than 280 characters at a time? Twitter seems good for Trump, too: As his allies often say, it gives the president a way to speak directly to the American electorate, getting around the media’s filter. Trump’s Twitter account is followed by 52 million people, not that far off from the nearly 63 million who voted for him in 2016.
But some data released this week should give Trump and his supporters pause about the power of his Twitter account in directly reaching American voters — and push the media to think carefully about its coverage of Trump’s tweets. Only 8 percent of U.S. adults say they follow Trump’s Twitter account (@realDonaldTrump), and only 4 percent say they follow his account and regularly read the president’s tweets, according to a new Gallup poll.
Zillman makes large and useful collections. Always worth a careful read!
New on LLRX – 2018 New Economy Resources and Tools
Via LLRX.com – 2018 New Economy Resources and Tools – This guide by Marcus Zillman provides researchers in multiple disciplines – law, economists, academia, government, corporate, and journalism – the latest, most reliable web resources for discovering sources to meet the multifaceted needs of time sensitive, specific, actionable work product. The global economic landscape is rapidly changing as transparency, big data and the ability to access data from new and now accessible databases are increasingly available through portals and sites around the world. Understanding how to locate and leverage new economy analytics, resources and alerts will provide you with keep tools and techniques to expand access to requisite knowledge that you can apply daily in your work place.
Could be handy for my researchers…