Monday, May 08, 2017

This week, we’re studying encryption.
Amnesty International – How private are your favourite messaging apps?
by Sabrina I. Pacifici on May 7, 2017
We’ve ranked 11 companies that run the world’s most popular messaging apps – including Skype, Snapchat and Facebook Messenger – on how well they’re using encryption to protect your online privacy.  In particular, we’ve looked at whether they apply end-to-end encryption – a way of making your photos, videos and chats unintelligible to anyone but you and the people you’re talking to.  This is how they fared.


No matter how well you train your employees, these still work! 
BEC attacks have hit thousands, top $5 billion in losses globally
An updated advisory form the FBI says that Business Email Compromise (BEC) attacks have become a multi-billion-dollar scam worldwide, as criminals take advantage of lax policies and human nature.
   At their core, BEC attacks are a variation on Social Engineering, designed to target a person's normal routine.  Social Engineering isn't easily detected or defeated, so when the criminals ask for something that isn't unusual or out of victim's comfort zone, the attack is often successful.
   The stats are concerning. According to the published data, between January 2015 and December 2016 the amount of exposed losses skyrocketed by more than 2,000-percent, with BEC attacks being reported in all fifty states and 131 countries.
   BEC attacks exist in a number of forms, including wire transfer requests or business requests dealing with personal information, such as W-2 records.  Some attacks include the use of compromised email accounts within the organization or those tied to the victims somehow.
When it comes to BEC attacks targeting W-2 information, 2017 is a record setting year with at least 200 reported cases since January, impacting more than 120,000 taxpayers.
   Organizations are trying to keep ahead of the curve by focusing on awareness training – including BEC attacks.  But such measures don't cover every situation, and they won't help if the habits placing the organization at risk in the first place aren't changed, including office communications dealing with sensitive information.
   The alert issued last week has a number of tips and steps for organizations and victims when it comes to these attacks.

(Related)
Phishing Explained by Common Craft
Last week's viral Google Docs phishing scam provided a good reminder to many that we should always give a critical eye to emails and social media posts that don't look quite right.  It also served as a reminder that we need to educate students and, sometimes, our colleagues about phishing attempts.  Common Craft has an excellent video on the topic.  You can watch the video  on the Common Craft website.
On a related note, if you get a Facebook friend request from someone you're already friends with, it's likely a scam.


Good news for my Ethical Hacking students?
Cyberspies tap free tools to make powerful malware framework
Over the past year, a group of attackers has managed to infect hundreds of computers belonging to government agencies with a malware framework stitched together from JavaScript code and publicly available tools.
The attack, analyzed by researchers from antivirus firm Bitdefender, shows that cyberespionage groups don't necessarily need to invest a lot of money in developing unique and powerful malware programs to achieve their goals.  In fact, the use of publicly available tools designed for system administration can increase an attack's efficiency and makes it harder for security vendors to detect it and link it to a particular threat actor.
The Bitdefender researchers have dubbed the newly discovered attack group Netrepser and traced back some of its attack campaigns to May 2016.  The group is still active, but to Bitdefender's knowledge its attacks have never been publicly documented before, which might be in part because its campaigns are highly targeted.


See?  Celebrities are just like real people!  Or at least their vendors are.
Nicole Perlroth reports on how hackers go after vendors and contractors to gain access to their real targets.  It’s something TheDarkOverlord emphasized repeatedly in discussing their attacks with me since last year, and Perlroth provides other examples as well:
In December, hackers impersonating an executive at Interscope Records, the record label owned by Universal Music Group, managed to bypass all the latest in digital defenses with a simple email.
In a carefully tailored message, the hackers urged an executive at September Management, a music management business, and another at Cherrytree Music Company, a management and record company, to send them Lady Gaga’s stem files — files used by music engineers and producers for remixing and remastering.
Read more on NY Times.


Hey!  The government does it! 
Cory Doctorow reports:
Comparitech commissioned a survey of 2,000 people in the US and UK to ask whether they thought “it is legal to install a program on a partner’s phone to snoop on their activity?” and whether they would “ever consider adding a program to your child’s phone that allows you to listen to their conversations and spy on their messages?”
The survey was prompted by Joseph Cox’s excellent reporting on Flexispy, a company that markets illegal spyware to jealous spouses and helicopter parents through a network of shadowy, Ponzi-like “affiliates” around the world, and by the finding that survivors of domestic abuse report that their abusers frequently use tools like Flexispy to track them.
Read more on BoingBoing.


This might help us catch the hackers who strip ATMs of all their cash.
Macau to require facial scans at ATMs in Chinese casino hub
Taking security to a new level, Macau is stepping up security checks at ATMs in the Asian gambling hub by requiring facial scans and ID card verification for cash withdrawals using China's main payment network.
The government said in a statement late Sunday that the new measures would eventually be rolled out to all automated teller machines in the former Portuguese colony, especially those inside casinos or nearby.  It didn't give a specific timeframe.
   The measures apply to users of UnionPay bank cards issued in mainland China, in a sign that authorities are targeting mainland visitors.  UnionPay is China's homegrown payment network rivaling the Visa and MasterCard systems.


An AI hacker?  Might be a useful research project!
In the near future, as artificial intelligence (AI) systems become more capable, we will begin to see more automated and increasingly sophisticated social engineering attacks.  The rise of AI-enabled cyberattacks is expected to cause an explosion of network penetrations, personal data thefts, and an epidemic-level spread of intelligent computer viruses.  Ironically, our best hope to defend against AI-enabled hacking is by using AI.  But this is very likely to lead to an AI arms race, the consequences of which may be very troubling in the long term, especially as big government actors join the cyber wars.


Could AI doom an entire industry?  More likely, Uber will buy self-driving cars.
How Self-Driving Cars Could End Uber
Mega-startup’s greatest threat: the disappearance of car-owning drivers caused by the rise of autonomous vehicles


I’ve had my students thinking about data centers for the last few weeks.
Bridgestone modernizes data center, hauls out 13 tons of copper wire
   That center opened on Oct. 9, 1968, with racks and racks of tapes and a water-cooled mainframe.  Today, it is the home of systems supporting an almost completely virtualized environment.
Bridgestone recently finished consolidating six data centers, totaling about 25,000 square feet, into one 10,000-square-foot facility.  The project began in 2015 and cost $17.3 million.
   The project went from wall to wall and included hauling out 26,000 pounds of copper wiring.
The data center now has 67 miles of fiber-optic cabling.
The near 50-year history of the place provides a benchmark for measuring change.  In 1968, the data center had 8,500 miles of tape storing 1,986 gigabytes of data, or about 2 terabytes, an amount of data that can fit on a 2TB thumb drive.  Today, the data center holds about 3.5 petabytes of data, said Bridgestone officials, or about 3.5 million GB.


…because no one reads the news in Facebook? 
Facebook takes out full-page newspaper ads to help U.K. citizens detect fake news online
   Appearing in nationwide titles including the Guardian and the Telegraph, Facebook’s “Tips for spotting false news” ad is similar to the one it published in France last month, and covers areas such as being skeptical of misleading headlines, spotting manipulated images, and checking the URL of the story.  Though the advice offered doesn’t always help — for example, in “Consider the photos,” the text reads: “You can search for the photo or image to verify where it came from.”  Anyone requiring advice on how to spot fake news through a newspaper ad likely isn’t tech savvy enough to know how to do that, or even what it means. [A rather low opinion of British citizens?  Bob]


…because everyone lies on Facebook?
Google big data reveals who we are in stark contrast to Facebook posts
by Sabrina I. Pacifici on May 7, 2017
“It is now official.  Scholars have analyzed the data and confirmed what we already knew in our hearts.  Social media is making us miserable. We are all dimly aware that everybody else can’t possibly be as successful, rich, attractive, relaxed, intellectual and joyous as they appear to be on Facebook.  Yet we can’t help comparing our inner lives with the curated lives of our friends.  Just how different is the real world from the world on social media?  In the real world, The National Enquirer, a weekly, sells nearly three times as many copies as The Atlantic, a monthly, every year.  On Facebook, The Atlantic is 45 times more popular.  Americans spend about six times as much of their time cleaning dishes as they do golfing.  But there are roughly twice as many tweets reporting golfing as there are tweets reporting doing the dishes…  The search for online status takes some peculiar twists…  Sufferers of various illnesses are increasingly using social media to connect with others and to raise awareness about their diseases.  But if a condition is considered embarrassing, people are less likely to publicly associate themselves with it…  I have actually spent the past five years peeking into people’s insides.  I have been studying aggregate Google search data.  Alone with a screen and anonymous, people tend to tell Google things they don’t reveal to social media; they even tell Google things they don’t tell to anybody else.  Google offers digital truth serum.  The words we type there are more honest than the pictures we present on Facebook or Instagram…  As our lives increasingly move online, I propose a new self-help mantra for the 21st century, courtesy of big data: Don’t compare your Google searches with other people’s Facebook posts.”


Towards automated lawyers!
AI Closes In On The Work Of Junior Lawyers
Chances are if you’re a paralegal or a junior lawyer entering the field, you’d rather spend your time doing other things than scanning documents for clients’ names or other mundane information.  New artificial intelligence systems designed specifically for law firms can help remedy that situation by automating some of these lower-level jobs.
Why it matters: Although some entry-level paralegal jobs could be replaced by automation, AI systems cannot replicate the creativity, empathy, and argumentative reasoning required of a lawyer — so your lawyer won’t be replaced by a robot any time soon.  Furthermore, these AI advancements could open new, more fulfilling opportunities for aspiring lawyers to break into the field in a role that is more closely aligned to what they would do in the court room or when working with clients.
What’s next: Deloitte predicts 116,000 legal jobs will be lost to automation in the next 20 years.


Jeff Bezos scores another win.
Amazon is Dominating The Voice-Assisted Speaker Market
   The e-commerce giant has a 70% share of the emerging voice-controlled speaker market compared to 23.8% for rival Google, research firm eMarketer said on Monday.
Amazon's huge lead puts it in a strong position in a fast growing business.  In addition to making money from selling the devices, Amazon also benefits from Echo users buying more products from the company's marketplace.


Will California be next?
India plans to prioritize electric vehicles over hybrids
India’s most influential government think-tank has recommended lowering taxes and interest rates for loans on electric vehicles, while capping sales of conventional cars, signalling a dramatic shift in policy in one of the world’s fastest growing auto markets.
A draft of the 90-page blueprint, seen by Reuters, also suggests the government opens a battery plant by the end of 2018 and uses tax revenues from the sale of petrol and diesel vehicles to set up charging stations for electric vehicles.
   It would also mark a radical response by India as it looks to cut its oil import bill to half by 2030 and reduce emissions as part of its commitment to the Paris climate treaty.


Perspective.  And because I follow this market, thirstily.
Salud! Mexico Passes Germany in World Beer Market Share: Chart


Perspective.  ‘cause we gotta follow stuff like this?  Something for my next statistics class?
People Are Liking Trump’s Tweets Less
The tweets posted by @realDonaldTrump, the account Trump has used personally, are now notching fewer “likes” now than those from January.  Sixty-two percent of Trump’s tweets posted in the first 50 days of his term amassed more than 100,000 likes, according to a Bloomberg analysis.  Just 10 percent of his tweets over the following 51 days crossed that threshold.

(Related).  I don’t think so.
The Case for a Taxpayer-Supported Version of Facebook
“A public social media platform would have the civic mission of providing us a diverse and global view of the world.”  [I’m not sure we are ready for that.  Bob] 
   My colleague Yochai Benkler and I recently offered a different explanation for Trump’s election.  With our teams at Harvard and MIT, we analyzed 1.25 million news stories, using hyperlinks and mentions on Twitter and Facebook to map the ecosystem of campaign media.  We discovered that while left and centrist voters relied heavily on traditional media to understand the election, the dominant source of information shared by right-wing voters on Facebook and Twitter was Breitbart, which anchored a media ecosystem of new, online-only outlets that mixed propaganda and conspiracy theory with partisan news.


Would a really diverse (and divisive) field guarantee Trump’s reelection?  Note that Mark Zuckerberg is mentioned…
The 7 Signs That Someone Might Be Running For President In 2020


Dilbert points out one downside of true AI.

No comments: