Wednesday, November 14, 2018

The best hacks always try to look like an innocent mistake. Sometimes mistakes look like they aren’t so innocent.
Google Internet Traffic Wasn't Hijacked, But It Was Out of Control
For two hours Monday, internet traffic that was supposed to route through Google's Cloud Platform instead found itself in quite unexpected places, including Russia and China. But while the haphazard routing invoked claims of traffic hijacking—a real threat, given that nation states could use the technique to spy on web users or censor services—the incident turned out to be a simple mistake with outsized impacts.
Google noted that almost all traffic to its services is encrypted, and wasn't exposed during the incident no matter what. As traffic pinballed across ISPs, though, some observers, including the monitoring firm ThousandEyes, saw signs of malicious BGP hijacking—a technique that manipulates the web's Border Gateway Protocol, which helps ISPs automatically collaborate to route traffic seamlessly across the web.
ThousandEyes saw Google traffic rerouting over the Russian ISP TransTelecom, to China Telecom, toward the Nigerian ISP Main One. "Russia, China, and Nigeria ISPs and 150-plus [IP address] prefixes—this is obviously very suspicious," says Alex Henthorne-Iwane, vice-president of product marketing at ThousandEyes. "It doesn’t look like a mistake."
… In this case, it appears that the Russian and Chinese ISPs, and perhaps others as well, offered a path to the Google traffic because they hadn't implemented protective configurations. [Think of it as keeping a door open for anything you can grab. Bob]




Think of this as a guide to social engineering of senior management.
Heads rolled in this one, when executives did not spot or prevent business email compromise. As reported by DutchNews.nl:
The Dutch operation of the Pathé cinema group was ripped off by internet con men to the tune of over €19m, court documents published on Friday show.
The con cost both the chief executive and financial director of the Dutch operation their jobs, and it is unclear if any of the money has been recovered.
The court documents, which cover the unfair dismissal case brought by sacked finance chief Edwin Slutter, show in detail how the thieves went about scamming Pathé Nederland earlier this year.
Read more at DutchNews.nl.




One person ignoring one procedure and no one checked?
20,667 Drunken-Driving Convictions Tainted by Bad Breathalyzer Test in New Jersey
More than 20,000 drunken-driving convictions in New Jersey could be in jeopardy after the state’s highest court ruled on Tuesday that breathalyzer tests used to win those judgments were inadmissible.
The unanimous ruling by the Supreme Court stems from criminal charges brought more than two years ago against a State Police sergeant who was accused of falsifying calibration records on breath test devices that were used in five of New Jersey’s 21 counties.
It is unclear how state courts and law enforcement officials will now proceed. The Supreme Court ruling does not automatically expunge all the drunken-driving convictions, but the justices did note that defendants tested by the affected breath machines could now seek to challenge their convictions.




This looks like the “Big is always bad” argument mixed with a bit of the “we are powerless to stop them” rant.
Google, Facebook, and Amazon benefit from an outdated definition of “monopoly”
Quartz: “…big tech companies have amassed so much power that even Apple CEO Tim Cook has called for stricter regulations to be placed on them. Google owns 92% market share of internet searches, Facebook an almost 70% share of social networks. Both have a duopoly in advertising with no credible competition or regulation. [Incredible! Bob] Amazon, meanwhile, is crushing retailers and faces conflicts of interest as both the dominant e-commerce seller and the leading online platform for third-party sellers. Apple’s iPhone and Google’s Android completely control the mobile app market, and they determine whether businesses can reach their customers and on what terms. So why hasn’t the Federal Trade Commission (FTC) taken action to break up these companies?
I believe that an outdated interpretation of antitrust law is partly to blame. For decades the standard for evaluating whether to break up monopolies, or block the mergers that create them, has been “consumer welfare.” And this consumer welfare standard has predominantly been interpreted as low prices. If companies can show that a merger or acquisition would not impact prices, for the most part, they win approval. But in the context of technology companies—which often offer “free” platforms and instead sell user attention as their product—this low-prices-focused paradigm makes no sense…”


(Related) ...and Facebook has replaced governments?
Digital Journalism and the New Public Square – Or’ Emet Lecture
A few months ago, the Guardian published a remarkable story revealing that a Cambridge University researcher had harvested as many as 50 million Facebook profiles for Cambridge Analytica, a data analytics firm headed at the time by Steve Bannon, one of Donald Trump’s key advisors.
… Most of you probably remember the Guardian’s story. You may not be familiar, though, with what happened the day before it was published. As the Guardian’s editors were readying their story for print, their lawyers received a letter from Facebook. The letter threatened a lawsuit if the Guardian went ahead with the story. Facebook knew the story would provoke disbelief and outrage and perhaps even a regulatory response, so it tried to quash it with the threat of a lawsuit.
… What are the mechanisms of this influence? In a new article, the legal scholar Kate Klonick argues that the social media platforms should be thought of as “systems of governance,” because they’re now the principal regulators of speech that takes place online. Through their control of the new public square, the platforms are exercising power we ordinarily associate with state actors.




Perspective.
Google Data Collection Is More Extensive and Intrusive Than You Ever Imagined
A new 55-page report from Digital Content Next and Vanderbilt University on Google data collection practices has raised new questions about the extent to which the top tech companies in the world collect and collate user data without their permission or knowledge. The report, authored by Douglas Schmidt, a professor of Computer Science at Vanderbilt, is a detailed look at “a day in the life” of a typical Internet user, offering a never-before-seen look at just how much data Google collects on the average user.

